The documentation for 'restmap.conf' can be obtained here: https://docs.splunk.com/Documentation/Splunk/8.0.1/Admin/Restmapconf
The purpose of the 'capability' attribute is to restrict a user without that particular capability to hit that endpoint. I used the attribute to do the same. But I observed some anomaly here. It is as described below:
handlertype = python
handlerfile = splunk_ta_addon_rh_server.py
handleractions = edit, list, remove, create
handlerpersistentmode = true
capability = admin_all_objects
As per the Splunk docs, a user without this capability should not be able to access the 'splunk_ta_addon_server' endpoint. But in this case, it allows the user to access the endpoint.
But when I added the same attribute in a different stanza, as displayed below, the attribute is working fine and it does not allow the user to access the restricted endpoint.
match = /
members = splunk_ta_addon_server
Can anyone please explain, why is there such a difference in the behaviour of the attribute in different stanzas? Am I missing something here?
... View more