linagora / linshare

LinShare
https://www.linshare.org/
GNU Affero General Public License v3.0

Calling audit REST webservice via service account with limited permissions #301

Open dramliza opened 7 months ago

dramliza commented 7 months ago

Hi,

I need to get audit logs for all users and send them to a SIEM for the security team. In my on-premise 6.0.4 deployment I have only LDAP users.

I am able to get the audit logs with the /linshare/webservice/rest/admin/v4/audit REST webservice (and btw it's totally unclear which version of the API I should use - in the end I am using v4 because it's used by the app itself right now, even if there is v5 too).

But to get the data I have to authenticate with the root account or an LDAP account with the SIMPLE admin role, with too many permissions.

Is it possible to create and use some service account with more limited permissions for this?

I found "Technical accounts" in the Legacy Admin Interface and there is some delegation possible (it seems), but I am not able to authenticate with it. Of course I have basically no idea what purpose there is for "Technical accounts", as I was not able to find any info or documentation for that.

So, is there a way to solve this?

wboudiche commented 3 months ago

Hi, a technical account is equivalent to a service account. You need to create it, assign permissions, and after that use the delegation APIs dedicated to interoperability: the /linshare/webservice/rest/delegation/v2/audit endpoint.