Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Seeking Clarification: User Provisioning in Splunk API (Cloud vs Enterprise)

martinalbert
Explorer
‎06-02-2023 12:47 AM

Hello, I’m currently working with the Splunk API and I would love some clarification on a few points related to user provisioning.

Through my testing of the Enterprise on-premise API, I’ve found multiple options for listing user-related entities, such as different namespaces, and methods for listing entities (users, roles, and permissions) in various services (admin and authentication services) as well as different platforms and products.

I would appreciate any guidance regarding the user provisioning domain and how user provisioning works across Splunk products, platforms and services.

Here are my questions:
1. Are REST API’s user provisioning entities, that I’ve found in the Enterprise platform, also available in the Cloud platform and across the services with identical structure?
2. Are user provisioning entities in Enterprise platform available in similar scope and on similar endpoints as in Cloud platform?
3. Are ACL settings, that I can find under different entities in API, tied to specific capabilities? If not, what defines the ACL?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-05-2023 11:04 PM

@martinalbert - Here are answers to your questions:

1. Are REST API’s user provisioning entities, that I’ve found in the Enterprise platform, also available in the Cloud platform and across the services with identical structure?

A. Yes similar structure, but may not be exactly same.


2. Are user provisioning entities in Enterprise platform available in similar scope and on similar endpoints as in Cloud platform?

A. Yes similar structure, but may not be exactly same.


3. Are ACL settings, that I can find under different entities in API, tied to specific capabilities? If not, what defines the ACL?

A. ACL (Sharing) in Splunk is not related to role, but rather related to Users and Apps.

VatsalJagani_1-1686031457449.png

 

 

I hope this helps!!!

View solution in original post

Reply
Solved! Jump to solution

martinalbert
Explorer
‎06-06-2023 05:02 AM

Thank you @VatsalJagani, I appreciate it, but would need more detailed informations regarding the differences.

You mentioned that they may not be exactly the same. Can you elaborate on what you meant by "not exactly the same"?

Also regarding the ACL, I understand that it's related to Users and Apps, but how is ACL setup for specific entities? The screenshot you provided mentions that entity owners always have read/write permission, what about other users, how can I setup ACL permissions for them?

0 Karma
Reply
Solved! Jump to solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-06-2023 05:24 AM

@martinalbert - You need to find the exact difference from the Rest Endpoint reference document as below:

 

For ACL, you can set the permission for each object for other users. (From Edit Permissions)

VatsalJagani_0-1686054204308.png

Actually my bad in my initial response, I mentioned there is nothing for roles, but you can set read/write permission per role.

 

I hope this helps!!!

Reply
Solved! Jump to solution

martinalbert
Explorer
‎06-06-2023 07:38 AM

Thanks @VatsalJagani, based on reference manual, they should be identical, there is just one documentation page that makes me unsure and that is ACS API manual for cloud platform.

What is the difference in using ACS API and standard API for listing users for example?

0 Karma
Reply
Solved! Jump to solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-07-2023 01:37 AM

They are also similar but slight differences for example, Splunk cloud has sc_admin role vs enterprise version has admin role.

* So some small differences but otherwise its very similar. 

0 Karma
Reply
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-05-2023 11:04 PM

@martinalbert - Here are answers to your questions:

1. Are REST API’s user provisioning entities, that I’ve found in the Enterprise platform, also available in the Cloud platform and across the services with identical structure?

A. Yes similar structure, but may not be exactly same.


2. Are user provisioning entities in Enterprise platform available in similar scope and on similar endpoints as in Cloud platform?

A. Yes similar structure, but may not be exactly same.


3. Are ACL settings, that I can find under different entities in API, tied to specific capabilities? If not, what defines the ACL?

A. ACL (Sharing) in Splunk is not related to role, but rather related to Users and Apps.

VatsalJagani_1-1686031457449.png

 

 

I hope this helps!!!

Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...