Splunk Cloud Platform

Admin Config Service Manual

Manage ACS API access with capabilities

You can manage access to Admin Config Service (ACS) API endpoints using the role-based access controls of Splunk Cloud Platform. To run a specific ACS operation against an ACS endpoint, a user's assigned role must contain the capabilities required to access the endpoint.

For example, to run a POST operation against the indexes endpoint to create a new index, your role must have the indexes_edit capability.

Any user whose role contains the required capabilities can run operations against ACS API endpoints, not just the sc_admin (Splunk Cloud Platform Admin) role.

For instructions on how to create roles and assign capabilities, see Create and manage roles with Splunk Web..

For more information on role-based access controls in Splunk Cloud Platform, see Define roles on the Splunk platform with capabilities.

Required ACS capabilities

The following table lists the capabilities required to run ACS operations against each ACS endpoint. The sc_admin role has the required capabilities to run operations against most ACS endpoints by default. See table entry for exceptions.

ACS feature ACS operation HTTP Method ACS endpoint Required capability
Manage apps List apps GET apps None
Install app (Classic) POST apps dmc_deploy_apps
Describe app (Classic) GET apps/{app} None
Uninstall app (Classic) DELETE apps/{app} dmc_deploy_apps
List apps (Victoria) GET apps/victoria None
Install app (Victoria) POST apps/victoria edit_local_apps AND install_apps
Upgrade app (Victoria) PATCH apps/victoria/{app} edit_local_apps AND install_apps
Describe app (Victoria) GET apps/victoria/{app} None
Uninstall app (Victoria) DELETE apps/victoria/{app} edit_local_apps AND install_apps
Export apps (Victoria) GET app/victoria/export/download/{app_id} export_apps (sc_admin does not have this capability by default)
Manage app permissions List app permissions (Victoria) GET permissions/apps None
Describe app (Victoria) GET permissions/apps/{app-name} None
Configure app permissions (Victoria) PATCH permissions/apps/{app-name} edit_local_apps AND install_apps
Manage indexes Create index POST indexes indexes_edit AND search
List indexes GET indexes indexes_edit AND search
View individual index GET indexes/{name} indexes_edit AND search
Update index PATCH indexes/{name} indexes_edit AND search
Delete index DELETE indexes/{name} indexes_edit AND search
Manage HEC tokens List HEC tokens (Victoria) GET inputs/http-event-collectors list_token_http OR edit_token_http
Create HEC token (Victoria) POST inputs/http-event-collectors edit_token_http AND indexes_edit AND search
Describe HEC token (Victoria) GET inputs/http-event-collectors/{hec} list_token_http OR edit_token_http
Update HEC token (Victoria) PUT inputs/http-event-collectors/{hec} edit_token_http AND indexes_edit AND search
Delete HEC token (Victoria) DELETE inputs/http-event-collectors/{hec} edit_token_http
List HEC tokens (Classic) GET inputs/http-event-collectors dmc_deploy_apps AND dmc_deploy_token_http
Create HEC token (Classic) POST inputs/http-event-collectors dmc_deploy_apps AND dmc_deploy_token_http AND indexes_edit
Describe HEC token (Classic) GET inputs/http-event-collectors/{hec} dmc_deploy_apps AND dmc_deploy_token_http
Update HEC token (Classic) PUT inputs/http-event-collectors/{hec} dmc_deploy_apps AND dmc_deploy_token_http AND indexes_edit
Delete HEC token (Classic) DELETE inputs/http-event-collectors/{hec} dmc_deploy_apps AND dmc_deploy_token_http
Manage limits.conf configs List limits.conf settings GET limits acs_conf AND admin_all_objects
List limits.conf settings in a stanza GET limits/{stanza} acs_conf AND admin_all_objects
Edit limits.conf settings POST limits/{stanza} acs_conf AND admin_all_objects
Get a limits.conf setting GET limits/{stanza}/{setting} acs_conf AND admin_all_objects
Reset limits.conf settings POST limits/{stanza}/reset acs_conf AND admin_all_objects
Manage auth tokens View existing tokens GET tokens edit_tokens_all OR list_tokens_all
Create token POST tokens edit_tokens_all AND edit_tokens_settings
View individual token GET tokens/{tokenID} edit_tokens_all OR list_tokens_all
Delete token DELETE tokens/{tokenID} edit_tokens_all OR edit_tokens_settings
Configure IP allow lists List subnets on allow list GET access/{feature}/ipallowlists acs_list_ip_allow_list
Add subnets to allow list POST access/{feature}/ipallowlists edit_ip_allow_list
Delete subnets DELETE access/{feature}/ipallowlists edit_ip_allow_list
Delete individual subnet DELETE access/{feature}/ipallowlists/{subnet} edit_ip_allow_list
Configure outbound ports List outbound ports GET access/outbound-ports acs_list_outbound_ports
Create outbound port POST access/outbound-ports acs_edit_outbound_ports
Describe outbound port GET access/outbound-ports/{port} acs_list_outbound_ports
Delete outbound port DELETE access/outbound-ports/{port} acs_edit_outbound_ports
View maintenance windows List maintenance window schedules GET maintenance-windows/schedules acs_list_maintenance_windows
Describe maintenance window schedule GET maintenance-windows/schedules/{scheduleID} acs_list_maintenance_windows
Configure private connectivity Validate private connectivity GET private-connectivity/eligibility acs_list_private_connectivity
Describe private connectivity GET private-connectivity/endpoints acs_list_private_connectivity
Enable private connectivity POST private-connectivity/endpoints acs_edit_private_connectivity
Update private connectivity PATCH private-connectivity/endpoints acs_edit_private_connectivity
Manage restarts Initiate search head restart (Victoria) POST restart-now restart_splunkd (non-clustered SH) OR

edit_search_head_clustering (SHC)

Initiate search head restart (Classic) POST restart-now restart_splunkd (for both non-clustered SH and SHC)
Check restart status (SHC only) (Victoria and Classic) GET restart/status list_search_head_clustering
Last modified on 10 December, 2024
Target a specific search head for ACS operations   Configure IP allow lists for Splunk Cloud Platform

This documentation applies to the following versions of Splunk Cloud Platform: 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters