User with these capabilities fails, but ADMIN user works.
This SPL works fine when logged in as ADMIN, but does not work when logged in as a poweruser account. What capabilities do I need to turn on for user when not ADMIN?
| rest splunk_server=local /services/authentication/httpauth-tokens
| search NOT userName="splunk-system-user"
| eval _time = strptime(timeAccessed, "%c")
| rename userName AS user
| table _time user
Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/authentication/httpauth-tokens?count=0 from server https://127.0.0.1:8089. Check that the URI path provided exists in the REST API.
For the specific rest endpoint you are using, you should add list_httpauths
in addition to the rest_properties_get
Details in : https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Rolesandcapabilities
For the specific rest endpoint you are using, you should add list_httpauths
in addition to the rest_properties_get
Details in : https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Rolesandcapabilities
@simpkins1958 ,
rest_properties_get
should be enough if you want to use GET
Reference : https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Rolesandcapabilities
rest_properties_get has been enabled and still not working.
If you provide all the capabilities to a user level role it still won't work. I gave all the capabilites--I mean all still the user didn't have | rest splunk_server=local /services/authentication/ capabilities. Only the Admin role has.