topic Re: API X TACACS in API / CLI Discussion

API X TACACS

nãbru — Wed, 03 May 2023 13:47:14 GMT

Hi friends,

I'm facing a difficult problem regarding the API

Today we are using TACACS , and to escalate the necessary privileges, type a set command to go up to expert next.

I'm trying to integrate an application with rest api, but I'm getting error that the user doesn't have necessary privileges.

The configuration in the manager is with ALL IP ADDRESSES

but we are getting login error, and using curl to try to login we get error 401

When we use tacacs does the api need some kind of privilege?

Re: API X TACACS

Bob_Zimmerman — Wed, 03 May 2023 14:14:45 GMT

Which API? Management (to define firewall objects and rules) or OS-level (to define things like routes and interfaces)?

Re: API X TACACS

nãbru — Wed, 03 May 2023 14:17:42 GMT

API Management only

Re: API X TACACS

Bob_Zimmerman — Wed, 03 May 2023 16:01:51 GMT

For the management API, permissions are controlled exclusively through the user's permissions profile. Log in to SmartConsole, go to Manage & Settings > Permissions & Administrators. The user must be defined there, and must have a permissions profile.

Re: API X TACACS

nãbru — Wed, 03 May 2023 18:15:25 GMT

This has already been done, but I get an insufficient privileges error.

My question was about tacacs in relation to the API, if you need any different privileges to use the API. Since local admin has been disabled and everything goes through tacacs

Re: API X TACACS

Bob_Zimmerman — Wed, 03 May 2023 18:20:50 GMT

For the management API, no. Like I said, those permissions are controlled exclusively through the user's permissions profile. Management supports central authentication, but not central identification or authorization. Permissions and group memberships are totally ignored. Only the permissions profile matters.

Re: API X TACACS

nãbru — Wed, 03 May 2023 18:29:38 GMT

Do you know what reasons might have related to insufficient privileges error.