How to set permissions on a custom conf file (or S...

alucarddjin · ‎07-29-2022

TL;DR;

I need to set a value on one SH in a cluster, and then tell the other SH what it is using Python. Tried using the RESTapi (see below) but any tips where someone has done it before would be great!

Full Version

I'm working on a clustered instance of Splunk. It talks to another tool using an access token which expires after so long (1 hour). When the user calls the tool and the token has expired a new token is generated and needs to be shared between the other SHs so they can use it until it expires again.

The token is set in Python and I looked to use the services.post command to update a custom conf file/stanza

service.post('/servicesNS/nobody/APP/configs/conf-app/session')

And when I run it under admin it works fine, but when I run it as a user I get an error:

HTTP 403 Forbidden -- You (user=barry) do not have permission to perform this operation (requires capability: admin_all_objects).

But I don't want the user to have admin_all_objects.

I have given the user a role which has write access to the conf file:

[APP/session]
owner = nobody
access = read : [ app_role ], write : [ app_role ]

Can anyone suggest how I can get the API to update the local conf without admin or come up with a better way to share the token between SHs?

analyst · ‎02-25-2025

Hi @alucarddjin

I have the same issue as you. Did you solve this problem? If so, could you share how you fixed it?
I’d really appreciate your help.

Thanks!

#universal configuration console (UCC) #UCC framework

How to set permissions on a custom conf file (or Share a value between clustered SH)?

add-on

app

Python

rest API

SDK

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

How to set permissions on a custom conf file (or Share a value between clustered SH)?