Splunk Dev

Seeking Clarification: User Provisioning in Splunk API (Cloud vs Enterprise)

martinalbert
Explorer

Hello, I’m currently working with the Splunk API and I would love some clarification on a few points related to user provisioning.

Through my testing of the Enterprise on-premise API, I’ve found multiple options for listing user-related entities, such as different namespaces, and methods for listing entities (users, roles, and permissions) in various services (admin and authentication services) as well as different platforms and products.

I would appreciate any guidance regarding the user provisioning domain and how user provisioning works across Splunk products, platforms and services.

Here are my questions:
1. Are the REST API’s user provisioning entities that I’ve found in the Enterprise platform also available in the Cloud platform and across the services with an identical structure?
2. Are user provisioning entities in the Enterprise platform available in a similar scope and on similar endpoints as in the Cloud platform?
3. Are the ACL settings that I can find under different entities in the API tied to specific capabilities? If not, what defines the ACL?


VatsalJagani
SplunkTrust

@martinalbert - Here are answers to your questions:

1. Are the REST API’s user provisioning entities that I’ve found in the Enterprise platform also available in the Cloud platform and across the services with an identical structure?

A. Yes, similar structure, but may not be exactly the same.

2. Are user provisioning entities in the Enterprise platform available in a similar scope and on similar endpoints as in the Cloud platform?

A. Yes, similar structure, but may not be exactly the same.

3. Are the ACL settings that I can find under different entities in the API tied to specific capabilities? If not, what defines the ACL?

A. ACL (Sharing) in Splunk is not related to roles, but rather related to Users and Apps.

[Screenshot: VatsalJagani_1-1686031457449.png]

I hope this helps!!!


martinalbert
Explorer

Thank you @VatsalJagani, I appreciate it, but I would need more detailed information regarding the differences.

You mentioned that they may not be exactly the same. Can you elaborate on what you meant by "not exactly the same"?

Also, regarding the ACL, I understand that it's related to Users and Apps, but how is the ACL set up for specific entities? The screenshot you provided mentions that entity owners always have read/write permission. What about other users? How can I set up ACL permissions for them?


VatsalJagani
SplunkTrust

@martinalbert - You need to find the exact difference from the REST Endpoint reference document as below:

For ACL, you can set the permission for each object for other users. (From Edit Permissions)

[Screenshot: VatsalJagani_0-1686054204308.png]

Actually, my bad: in my initial response I mentioned there is nothing for roles, but you can set read/write permission per role.

I hope this helps!!!
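
How the owner, the sharing level and the per-role read/write lists discussed in this thread combine, as an added example (not code from the thread or from Splunk). It assumes the `acl` layout (`app`, `owner`, `sharing`, `perms.read`, `perms.write`) that Splunk REST entries carry with `output_mode=json`; the sample response, the user and role names, and the simplified access model are constructed for illustration.

```python
import json

# Constructed sample shaped like a Splunk REST listing (output_mode=json);
# entry names, owners and role lists are made up for illustration.
SAMPLE = json.loads("""
{"entry": [
  {"name": "failed_logins",
   "acl": {"app": "search", "owner": "alice", "sharing": "app",
           "perms": {"read": ["*"], "write": ["admin", "power"]}}},
  {"name": "scratch_query",
   "acl": {"app": "search", "owner": "bob", "sharing": "user", "perms": null}},
  {"name": "shared_lookup_gen",
   "acl": {"app": "search", "owner": "alice", "sharing": "global",
           "perms": {"read": ["*"], "write": ["*"]}}}
]}
""")

def effective_access(entry, user, roles):
    """Return the subset of {'read', 'write'} this user holds on one entry.

    Simplified model (assumption): the owner always gets read/write; a
    private object (sharing == 'user') is visible to its owner only;
    otherwise the perms lists are matched against the user's roles, with
    '*' meaning every role. Role inheritance and admin overrides are
    not modelled.
    """
    acl = entry["acl"]
    if acl.get("owner") == user:
        return {"read", "write"}
    if acl.get("sharing") == "user":
        return set()
    perms = acl.get("perms") or {}  # perms can be null on private objects
    granted = set()
    for action in ("read", "write"):
        allowed = set(perms.get(action) or [])
        if "*" in allowed or allowed & set(roles):
            granted.add(action)
    return granted

def world_writable(response):
    """Names of shared entries whose write list contains '*'."""
    return [e["name"] for e in response["entry"]
            if e["acl"].get("sharing") != "user"
            and "*" in ((e["acl"].get("perms") or {}).get("write") or [])]

if __name__ == "__main__":
    for e in SAMPLE["entry"]:
        print(e["name"], sorted(effective_access(e, "carol", ["user"])))
    print("world-writable:", world_writable(SAMPLE))
```

Entries reported by `world_writable` are the ones to review first when auditing object permissions, since any role can modify them.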

martinalbert
Explorer

Thanks @VatsalJagani, based on the reference manual, they should be identical; there is just one documentation page that makes me unsure, and that is the ACS API manual for the Cloud platform.

What is the difference between using the ACS API and the standard API for listing users, for example?

0 Karma

VatsalJagani
SplunkTrust

They are also similar, but with slight differences. For example, Splunk Cloud has the sc_admin role, whereas the Enterprise version has the admin role.

* So some small differences, but otherwise it's very similar.
