Splunk Search

How do we reassign Knowledge Objects owned by a user to another user via API? Is it possible?

arvind_Sugajeev
Explorer

We have the "Reassign Knowledge Objects" option via the SplunkCloud portal in the settings, but is it possible to do it via API?

We need to do this for all KOs owned by a specific user.

0 Karma

deepakc
Builder

Find your Knowledge Object and the owner. Look at the example below and change it according to your requirements.

example
curl -k -u admin_user:password https://<MY_CLOUD_STACK>splunkcloud.com:8089/servicesNS/nobody/YOU_APP/saved/searches/my_search/acl -d 'owner=new_user' -d 'sharing=global' -X POST

Here's some further help on ACL in cloud
https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/RESTTUT/RESTbasicexamples

arvind_Sugajeev
Explorer

Is there any way to reassign all the Knowledge Objects owned by a specific user, instead of transferring one Knowledge Object at a time?


Also, is the "/my_search" in the example mentioned below the title of the Knowledge Object?

0 Karma

yuanliu
SplunkTrust

Also, is the "/my_search" in the example mentioned below the title of the Knowledge Object?

Not quite. @deepakc only gave saved searches (aka reports) as an example. "my_search" is a URL-encoded string of the title. In the example, "https://<MY_CLOUD_STACK>splunkcloud.com:8089/servicesNS/nobody/YOU_APP/saved/searches/my_search" is one property internally known as id.


Is there any way to reassign all the Knowledge Objects owned by a specific user, instead of transferring one Knowledge Object at a time?

Yes.  To continue the example with saved searches, you can use this search to find all id's owned by the old user "old_user".

| rest /servicesNS/-/-/saved/searches/
| search eai:acl.owner = "old_user"
| fields id

Example output could be (taken from owner nobody on a standard deployment)

id
https://127.0.0.1:8089/servicesNS/nobody/search/saved/searches/Bucket%20Merge%20Retrieve%20Conf%20Se...
https://127.0.0.1:8089/servicesNS/nobody/SplunkDeploymentServerConfig/saved/searches/DeploymentServe...
https://127.0.0.1:8089/servicesNS/nobody/SplunkDeploymentServerConfig/saved/searches/DeploymentServe...
https://127.0.0.1:8089/servicesNS/nobody/SplunkDeploymentServerConfig/saved/searches/DeploymentServe...
https://127.0.0.1:8089/servicesNS/nobody/SplunkDeploymentServerConfig/saved/searches/DeploymentServe...
https://127.0.0.1:8089/servicesNS/nobody/SplunkDeploymentServerConfig/saved/searches/DeploymentServe...
https://127.0.0.1:8089/servicesNS/nobody/SplunkDeploymentServerConfig/saved/searches/DeploymentServe...

Then, program a script using these values to update these saved searches to the new user.

To update other knowledge objects, consult REST API Reference Manual, especially Knowledge endpoint descriptions to find out how to retrieve their id's by owner. (Note saved searches is described in Search endpoint descriptions instead.)

Hope this helps.
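
As an added example (not part of any post in this thread, and not Splunk's own code), one way to script the step described in the answer above. It assumes the search is extended to `| fields id eai:acl.sharing` so each object keeps its current sharing level, re-roots every id on your management URL because the ids come back with the local host (127.0.0.1 in the sample output), and authenticates with a bearer token rather than the `-u user:password` shown earlier; the function names, base URL and sample rows are hypothetical.

```python
import re
import urllib.parse
import urllib.request

# Accept only saved-search ids of this shape; never POST to anything else.
ID_PATH = re.compile(r"/servicesNS/[^/]+/[^/]+/saved/searches/[^/]+")
SHARING = {"user", "app", "global"}  # sharing values this sketch passes through


def plan_reassignment(rows, base_url, new_owner):
    """Turn rows (dicts with "id" and "eai:acl.sharing") into (acl_url, body) pairs."""
    plan = []
    for row in rows:
        # The host in "id" is the one splunkd reported (127.0.0.1 in the sample
        # output), so keep only the still percent-encoded path and re-root it.
        path = urllib.parse.urlsplit(row["id"]).path
        sharing = row["eai:acl.sharing"]
        if not ID_PATH.fullmatch(path):
            raise ValueError(f"not a saved-search id: {row['id']}")
        if sharing not in SHARING:
            raise ValueError(f"unsupported sharing {sharing!r} for {path}")
        body = urllib.parse.urlencode({"owner": new_owner, "sharing": sharing})
        plan.append((base_url.rstrip("/") + path + "/acl", body))
    return plan


def apply_plan(plan, token, dry_run=True):
    """POST each change with a bearer token (assumed auth); dry_run=True sends nothing."""
    for url, body in plan:
        if dry_run:
            continue
        req = urllib.request.Request(url, data=body.encode(), method="POST",
                                     headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:  # certificate checks stay on
            resp.read()
    return [url for url, _ in plan]


# Constructed sample rows; app and search names are hypothetical.
SAMPLE_ROWS = [
    {"id": "https://127.0.0.1:8089/servicesNS/old_user/search/saved/searches/Weekly%20Report",
     "eai:acl.sharing": "user"},
    {"id": "https://127.0.0.1:8089/servicesNS/nobody/my_app/saved/searches/failed_logins",
     "eai:acl.sharing": "app"},
]

if __name__ == "__main__":
    for url, body in plan_reassignment(SAMPLE_ROWS, "https://stack.example.com:8089", "new_user"):
        print("POST", url, body)
```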

arvind_Sugajeev
Explorer

Thanks @yuanliu, I understand it now. I'm able to get the id for all the knowledge objects owned by the user now.

However, I'm still not able to change the owner for the knowledge object via the rest command. I get the following error: " <msg type="ERROR">You do not have permission to share objects at the system level</msg> </messages> "

My user account has the sc_admin role, so permission should not be an issue. Am I missing something?

Any help is really appreciated

0 Karma