How to change sharing and permissions for a lookup table using the REST API?

Communicator

I need to change sharing and permissions for a lookup table file using the REST API.

I have been searching high and low for documentation, but I have been unable to find anything.

Does anyone have an idea how this is done?

1 Solution

Communicator

Got it:

curl -k -u admin:password http://localhost:8089/servicesNS/js/search/data/lookup-table-files/lookup.csv/acl -d owner=js -d sharing=app -d perms.read=* -d perms.write=*


Explorer

That's a good catch. It has now helped me automate the 'Roles' (edit permissions) for dashboards/fields/tags, etc.
Thank you!

Explorer

Hi, I'm hoping you could share this knowledge, especially as it relates to tags. We have tons of tags that need to be added and have permissions set.

0 Karma

Explorer

Posting this as I cannot see the comment supposedly posted here by kartik13.

Got the answer finally.

You can update the permission of tags through REST API having a POST request at the following url and parameters:

https://localhost:8089/servicesNS/ks/search/saved/fvtags/tag_name/field%3Dvalue/acl -d owner="ks" -d sharing="app" -d perms.read="*" -d perms.write="*"
0 Karma

Explorer

Unfortunately, this doesn't work for me. I do not appear to have a "fvtags" section. I have to use a "tags" url like below, but it doesn't work to look at the acl as expected in my 2nd url below.

https://serverDNSname:8089/servicesNS/<username>/<app-name>/search/tags

https://serverDNSname:8089/servicesNS/<username>/<app-name>/search/tags/host%3Dvalue/acl

Can you confirm that the separator characters between host and value are "percent 3D"?

In the first url, it appears to be two colons.

Error received:
Unknown endpoint.

0 Karma

Communicator

host and value are basically the field-value pair of your tag, so it will be in the format field=value. In the URL it is encoded as %3D (in my case). Also, I observed one thing: when I tried to use my username it didn't work, so I put nobody in as the username and altered the owner in the parameters. Try that too.

0 Karma

Explorer

Found the fvtags section. This URL format works.

https://serverDNSname:8089/servicesNS/<username>/<app-name>/admin//fvtags/host%3Dvalue/acl

But I cannot modify its acl. This one below fails. I am just using a web browser to submit these btw.

https://serverDNSname:8089/servicesNS/<username>/<app-name>/admin//fvtags/host%3Dvalue/acl -d owner=username1 -d sharing=app -d perms.read=group1,group2 -d perms.write=group1,group2

In handler 'fvtags': Could not find object id=host=value -d owner=username1 -d sharing=app -d perms.read=group1,group2 -d perms.write=group1,group2

This 2nd version fails differently:

https://serverDNSname:8089/servicesNS/<username>/<app-name>/admin//fvtags/host%3Dvalue/acl -d owner="username1" -d sharing="app" -d perms.read="group1" -d perms.write="group1"

In handler 'fvtags': Invalid custom action for this internal handler (handler: fvtags, custom action: acl%20-d%20owner=%22username1%22%20-d%20sharing=%22app%22%20-d%20perms.read=%22group1%22%20-d%20perms.write=%22group1%22, eai action: list).

This third version exists, but again fails to modify.

https://serverDNSname:8089/servicesNS/<username>/<app-name>/saved/fvtags/host=value/acl

https://serverDNSname:8089/servicesNS/<username>/<app-name>/saved/fvtags/host=value/acl -d owner=username1 -d sharing=app -d perms.read=* -d perms.write=*

In handler 'fvtags': Invalid custom action for this internal handler (handler: fvtags, custom action: acl%20-d%20owner=username1%20-d%20sharing=app%20-d%20perms.read=*%20-d%20perms.write=*, eai action: edit).
0 Karma

Communicator

Did some testing and found this working like a charm:

curl -k -u admin:changeme https://localhost:8089/servicesNS/admin/search/saved/fvtags/host%3Dvalue/acl -d owner="nobody" -d sharing="global" -d perms.read="user" -d perms.write="admin,power,user"
0 Karma

Explorer

Unfortunately, that isn't working for me. I'm on version 6.2.7. Could that be it?

Also, I have a search cluster, could that be breaking this feature?

In handler 'fvtags': Type = tags, Context = (user: username1, app: app_name, root: /dir1/opt/splunk/etc), Acting as = username1: Replication-related issue: Cannot move asset lacking a pre-existing asset ID: /username1/app_name/tags/host=hostname
0 Karma

Communicator

Too Awesome....

0 Karma

Communicator

Thanks @spause

0 Karma

Communicator

Hi, can you please explain? I did the same thing, but in response I am getting Unknown Url endpoint.

0 Karma

Communicator

Maybe you just need to replace ../js/.. with your own username and ../lookup.csv with your own lookup file?
Note that user "nobody" = everyone.

0 Karma

Communicator

I tried with my own username. I am basically trying to update the permissions of tags, so for this I am using this URL:
https://localhost:8089/servicesNS/admin/search/search/tags/{tag_name}/acl

0 Karma

Communicator

Could you please explain exactly what you are trying to achieve?

This post is originally about changing permissions on a lookup file; however, from the REST endpoint in your last post I'm guessing that you are trying to change permissions on tags?

Please be aware that you need to access the endpoint through the current owner.
As far as I understand:
If sharing is global: https://localhost:8089/servicesNS/nobody/....
If sharing is app or private: https://localhost:8089/servicesNS/*username of owner*/....

Next comes the app directory:
e.g.: https://localhost:8089/servicesNS/nobody/search/....

From here it's a blur, but this link has been very helpful for me: http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTaccess

0 Karma

Communicator

I am trying to create new tags through the REST API. I had success in creating new tags, but then I noticed that they are in my name and the permission is set to private. So I have to change the permission of the tag to public so that it can be used.
And I can find my tag using this URL:
https://localhost:8089/servicesNS/ks/search/search/tags/testTag
So, if my
username -> ks
tag_name -> testTag
then I am hitting the URL with a POST request with the following data:
https://localhost:8089/servicesNS/ks/search/search/tags/testTag/acl -d sharing="app" -d perms.read="" -d perms.write=""

But it's giving me Unknown EndPoint.

0 Karma

Communicator

Making a GET on this endpoint:
https://localhost:8089/servicesNS/{user}/search/search/tags/{tagname}
does not return an ACL.
This makes me think that this option doesn't exist for this endpoint, which is confirmed by:
http://localhost:8000/en-US/manager/{app}/saved/ntags?ns=-&search=&app_only=1

0 Karma

Communicator

So in that case I cannot update the permissions of the tags through REST, right?

0 Karma

Communicator

As far as I understand, there are no permissions you can set on "Tags » List by tag name", which are the ones your endpoint is pointing at.

0 Karma

Communicator

Thanks a lot @polymorphic, I really appreciate your time and efforts. 🙂

Got the answer finally:
You can update the permission of tags through REST API having a POST request at the following url and parameters:
https://localhost:8089/servicesNS/ks/search/saved/fvtags/tag_name/field%3Dvalue/acl -d owner="ks" -d sharing="app" -d perms.read="" -d perms.write=""
Please check the following link
https://answers.splunk.com/answers/388854/how-can-i-change-the-permissions-of-dynamically-cr.html

0 Karma
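
An added example, not code from any poster in this thread, pulling together the points the posts above work through: the tag's field=value name is percent-encoded into the path, the namespace owner is a parameter, and the ACL fields travel in a POST body rather than being appended to the URL. The host, user, app and role names, the DRY_RUN, SPLUNK_USER and SPLUNK_CA variables, and the refusal of a wildcard write list are assumptions of this example.

```shell
#!/bin/sh
# Added example; all hosts, users, apps and roles below are constructed sample values.

# Percent-encode one URL path segment (ASCII input): host=value -> host%3Dvalue.
urlencode_segment() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}; s=$rest
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# acl_url BASE NS_OWNER APP ENDPOINT OBJECT
#   -> BASE/servicesNS/NS_OWNER/APP/ENDPOINT/OBJECT/acl
acl_url() {
  printf '%s/servicesNS/%s/%s/%s/%s/acl' "$1" "$(urlencode_segment "$2")" \
    "$(urlencode_segment "$3")" "$4" "$(urlencode_segment "$5")"
}

# check_acl SHARING READ_ROLES WRITE_ROLES: validate before anything is sent.
# Refusing a wildcard write list is this example's own policy, not a Splunk rule.
check_acl() {
  case $1 in user|app|global) ;; *) echo "bad sharing: $1" >&2; return 1 ;; esac
  [ -n "$2" ] || { echo "empty read list" >&2; return 1; }
  case $3 in ''|*'*'*) echo "write list must name roles" >&2; return 1 ;; esac
}

# set_acl URL OWNER SHARING READ_ROLES WRITE_ROLES
# DRY_RUN=1 (default) only shows the request. Otherwise the fields are sent
# as a form-encoded POST body and curl prompts for the password.
set_acl() {
  check_acl "$3" "$4" "$5" || return 1
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf 'POST %s\nowner=%s sharing=%s perms.read=%s perms.write=%s\n' \
      "$1" "$2" "$3" "$4" "$5"
    return 0
  fi
  curl -sS --fail --cacert "${SPLUNK_CA:?path to CA bundle}" \
    -u "${SPLUNK_USER:-admin}" "$1" \
    --data-urlencode "owner=$2" --data-urlencode "sharing=$3" \
    --data-urlencode "perms.read=$4" --data-urlencode "perms.write=$5"
}

url=$(acl_url https://localhost:8089 nobody search saved/fvtags 'host=web01')
set_acl "$url" nobody app 'user,power' 'admin,power'
```
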