How to delete users with realms via REST API in En...

rturk · ‎10-15-2014

Hi Splunkers & Splunkettes,

So when attempting to remove a configured user via a REST API call, I don't seem to be able to specify a unique user by realm. For example, If I configure two users:

username: svc_splunk

realm: blank

and

username: svc_splunk

realm: SA-ThreatIntelligence

Issuing the following command will remove the first one:

curl -k -u admin:pass --request DELETE \
    https://localhost:8089/servicesNS/nobody/search/storage/passwords/:svc_splunk:

``However, when running it again, I am advised that the user doesn't exist (despite the fact it's present on the Credential Manager page).

From the docs (LINK) there appears to be no way to specify the realm, hence no way to delete the user.

Is there something undocumented that I'm missing?

PS. The current method of changing & deleting users once added is horrible

sduff_splunk · ‎08-11-2015

curl -k -u admin:changeme --request DELETE https://localhost:8089/servicesNS/nobody/search/storage/passwords/realm:username:

For example, the user 'simon' in realm 'work' would be

curl -k -u admin:changeme --request DELETE https://localhost:8089/servicesNS/nobody/search/storage/passwords/work:simon:

How to delete users with realms via REST API in Enterprise Security Credential Management?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?