SPL
Splunk Objects With Permissions Granted to Non-existent Roles
Description
Useful search that lists Splunk objects whose read or write permissions are granted to roles that do not exist on the local Splunk server.
| rest /servicesNS/-/-/admin/directory count=0 splunk_server=local
| fields eai:acl.app, eai:acl.owner, eai:acl.perms.*, eai:acl.sharing, eai:location, title
| eval perms=mvappend('eai:acl.perms.read','eai:acl.perms.write')
| fields - eai:acl.perms.*
| mvexpand perms
| where perms!="*" AND NOT
[
| rest /servicesNS/-/-/authorization/roles count=0 splunk_server=local
| fields title
| rename title as perms
]
I found this at: https://gist.github.com/acharlieh/3254a7ab13297c760376
Credit goes to acharlieh!
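The same anti-join can be run offline against saved REST responses. This is an added example, not part of the original gist. It assumes both endpoints were fetched with `output_mode=json` and that each entry carries `name` and `acl.perms.read` / `acl.perms.write`. The function name and the sample data are constructed for illustration. Unlike the search above, it records whether the undefined role was granted read, write, or both.

```python
import json

# Constructed sample data, shaped like Splunk REST responses (output_mode=json).
DIRECTORY_JSON = json.dumps({"entry": [
    {"name": "failed_logins", "acl": {"app": "search", "owner": "alice",
        "sharing": "app", "perms": {"read": ["*"], "write": ["admin", "soc_tier2"]}}},
    {"name": "vpn_dashboard", "acl": {"app": "netops", "owner": "bob",
        "sharing": "global", "perms": {"read": ["user", "netops_ro"], "write": ["netops_ro"]}}},
    {"name": "private_report", "acl": {"app": "search", "owner": "carol",
        "sharing": "user", "perms": None}},
]})
ROLES_JSON = json.dumps({"entry": [{"name": "admin"}, {"name": "power"}, {"name": "user"}]})


def find_orphaned_perms(directory_json, roles_json):
    """Return one row per (object, role) where the role is not defined.

    Hypothetical helper: same logic as the SPL above, but 'access' keeps
    read and write apart instead of merging them into a single field.
    """
    roles = {e["name"] for e in json.loads(roles_json)["entry"]}
    rows = []
    for entry in json.loads(directory_json)["entry"]:
        acl = entry.get("acl") or {}
        perms = acl.get("perms") or {}      # null when no explicit ACL is set
        granted = {}                        # role -> set of access types
        for access in ("read", "write"):
            for role in perms.get(access) or []:
                # "*" means everyone and is never a role name
                if role != "*" and role not in roles:
                    granted.setdefault(role, set()).add(access)
        for role, access in sorted(granted.items()):
            rows.append({"title": entry["name"], "app": acl.get("app"),
                         "owner": acl.get("owner"), "sharing": acl.get("sharing"),
                         "role": role, "access": "+".join(sorted(access))})
    return rows


if __name__ == "__main__":
    for row in find_orphaned_perms(DIRECTORY_JSON, ROLES_JSON):
        print(row)
```

Rows with `write` access and `global` sharing are the ones to clean up first, since re-creating a role with that name would immediately regain that access.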