Solved: SPL | REST command does not work when non-Admin

simpkins1958 · ‎07-30-2019

User with these capabilities fails, but ADMIN user works.

This SPL works fine when logged in as ADMIN, but does not work when logged in as a poweruser account. What capabilities do I need to turn on for user when not ADMIN?

Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/authentication/httpauth-tokens?count=0 from server https://127.0.0.1:8089. Check that the URI path provided exists in the REST API.

renjith_nair · ‎07-30-2019

@simpkins1958 ,

For the specific rest endpoint you are using, you should add list_httpauths in addition to the rest_properties_get

Details in : https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Rolesandcapabilities

View solution in original post

renjith_nair · ‎07-30-2019

@simpkins1958 ,

For the specific rest endpoint you are using, you should add list_httpauths in addition to the rest_properties_get

Details in : https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Rolesandcapabilities

View solution in original post

renjith_nair · ‎07-30-2019

@simpkins1958 ,

rest_properties_get should be enough if you want to use GET

Reference : https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/Rolesandcapabilities

simpkins1958 · ‎07-30-2019

rest_properties_get has been enabled and still not working.

anwarmian · ‎06-29-2021

If you provide all the capabilities to a user level role it still won't work. I gave all the capabilites--I mean all still the user didn't have | rest splunk_server=local /services/authentication/ capabilities. Only the Admin role has.

SPL | REST command does not work when non-Admin

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE! Catch Up Now >>

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>