I need to change sharing and permissions for a lookup table file using the REST API.
I have been searching high and low for documentation, but I have been unable to find anything.
Does anyone have an idea how this is done?
Got it:
curl -k -u admin:password http://localhost:8089/servicesNS/js/search/data/lookup-table-files/lookup.csv/acl -d owner=js -d sharing=app -d perms.read=* -d perms.write=*
Got it:
curl -k -u admin:password http://localhost:8089/servicesNS/js/search/data/lookup-table-files/lookup.csv/acl -d owner=js -d sharing=app -d perms.read=* -d perms.write=*
That's a good catch. It helped me now to automate the 'Roles'(edit permissions) for dashboards/fields/tags.. etc
Thank you!
Hi, I'm hoping you could share this knowledge. Especially as it relates to tags. We have tons of tags that needs to be added and have permissions set.
Posting this as I cannot see the comment supposedly posted here by kartik13.
Got the answer finally.
You can update the permission of tags through REST API having a POST request at the following url and parameters:
https://localhost:8089/servicesNS/ks/search/saved/fvtags/tag_name/field%3Dvalue/acl -d owner="ks" -d sharing="app" -d perms.read="*" -d perms.write="*"
Unfortunately, this doesn't work for me. I do not appear to have a "fvtags" section. I have to use a "tags" url like below, but it doesn't work to look at the acl as expected in my 2nd url below.
https://serverDNSname:8089/servicesNS/<username>/<app-name>/search/tags
https://serverDNSname:8089/servicesNS/<username>/<app-name>/search/tags/host%3Dvalue/acl
Can you confirm that the separator characters between host and value are "percent 3D"?
In the first url, it appears to be two colons.
Error received:
Unknown endpoint.
host and value are basically field value pairs of of your tag. So it will be like in in this format field=value.In the URL it is encoded as %3D(in my case).Also i observed one thing .When i tried to have my username it didn't work.So i added nobody in the username and altered the owner in the paramters.Try with that too.
Found the fvtags section. This URL format works.
https://serverDNSname:8089/servicesNS/<username>/<app-name>/admin//fvtags/host%3Dvalue/acl
But I cannot modify its acl. This one below fails. I am just using a web browser to submit these btw.
https://serverDNSname:8089/servicesNS/<username>/<app-name>/admin//fvtags/host%3Dvalue/acl -d owner=username1 -d sharing=app -d perms.read=group1,group2 -d perms.write=group1,group2
In handler 'fvtags': Could not find object id=host=value -d owner=username1 -d sharing=app -d perms.read=group1,group2 -d perms.write=group1,group2
This 2nd version fails differently:
https://serverDNSname:8089/servicesNS/<username>/<app-name>/admin//fvtags/host%3Dvalue/acl -d owner="username1" -d sharing="app" -d perms.read="group1" -d perms.write="group1"
In handler 'fvtags': Invalid custom action for this internal handler (handler: fvtags, custom action: acl%20-d%20owner=%22username1%22%20-d%20sharing=%22app%22%20-d%20perms.read=%22group1%22%20-d%20perms.write=%22group1%22, eai action: list).
This third version exists, but again fails to modify.
https://serverDNSname:8089/servicesNS/<username>/<app-name>/saved/fvtags/host=value/acl
https://serverDNSname:8089/servicesNS/<username>/<app-name>/saved/fvtags/host=value/acl -d owner=username1 -d sharing=app -d perms.read=* -d perms.write=*
In handler 'fvtags': Invalid custom action for this internal handler (handler: fvtags, custom action: acl%20-d%20owner=username1%20-d%20sharing=app%20-d%20perms.read=*%20-d%20perms.write=*, eai action: edit).
Did some testing and found this working like a charm:
curl -k -u admin:changeme https://localhost:8089/servicesNS/admin/search/saved/fvtags/host%3Dvalue/acl -d owner="nobody" -d sharing="global" -d perms.read="user" -d perms.write="admin,power,user"
Unfortunately, that isn't working for me. I'm on version 6.2.7. Could that be it?
Also, I have a search cluster, could that be breaking this feature?
In handler 'fvtags': Type = tags, Context = (user: username1, app: app_name, root: /dir1/opt/splunk/etc), Acting as = username1: Replication-related issue: Cannot move asset lacking a pre-existing asset ID: /username1/app_name/tags/host=hostname
Too Awesome....
Thanks @spause
Hi , can you please explain. As i did same thing but in response i am getting Unknown Url endpoint
Maybe you just need to replace ../js/.. with your own username and ../lookup.csv with your own lookup file?
Note that user "nobody" =everyone.
I tried with own username ..i am basically trying to update the permission of tags so for this i am using this url
https://localhost:8089/servicesNS/admin/search/search/tags/{tag_name}/acl
Could you please explain exactly what you are trying to achieve?
This post is originally about changing permissions on a lookup file, however from the REST endpoint in your last post im guessing that you are trying to change permissions on tags?
Please be aware that you need to access the endpoint through the current owner.
As far as i understand:
If sharing is global: https://localhost:8089/servicesNS/nobody/....
If sharing is app or private: https://localhost:8089/servicesNS/*username of owner*/....
Next comes the app directory:
eg.: https://localhost:8089/servicesNS/nobody/search/....
From here its a blur but this link has been very helpfull for me: http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTaccess
I am trying to create new tags through REST API. I had success in that ,creating new tags ,but then i noticed that it's in my name and also the permission is set to private.So have to change the permission of tag to public so that it can be used .
And i can my find my tag using this url
https://localhost:8089/servicesNS/ks/search/search/tags/testTag
So , if my
username ->ks
tag_name-> testTag
So i am hitting the URL with post request with following data
https://localhost:8089/servicesNS/ks/search/search/tags/testTag/acl -d sharing="app" -d perms.read="" -d perms.write=""
But its giving me Unknown EndPoint .
Making a get on this endpoint:
https://localhost:8089/servicesNS/{user}/search/search/tags/{tagname}
does not return ACL.
This makes me think that this option doesnt exists, for this endpoint which is confirmed by:
http://localhost:8000/en-US/manager/{app}/saved/ntags?ns=-&search=&app_only=1
So in that case i cannot update the permissions of the tags through REST , right ?
As far as i understand, there are no permissions you can set on "Tags » List by tag name" which are the ones your endpoint is pointing at.
Thanks a lot @polymorphic i really appreciate you time and efforts . 🙂
Got the answer finally :
You can update the permission of tags through REST API having a POST request at the following url and parameters:
https://localhost:8089/servicesNS/ks/search/saved/fvtags/tag_name/field%3Dvalue/acl -d owner="ks" -d sharing="app" -d perms.read="" -d perms.write=""
Please check the following link
https://answers.splunk.com/answers/388854/how-can-i-change-the-permissions-of-dynamically-cr.html