Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Maor_Benamer
Explorer

Add users to existing access-role

Hello,

I am trying to add an AD user to an existing group.
Code I tried:
set access-role name "Test_Access_Role" users "test1" machines "any" networks "any" remote-access-clients "any"

Every command I enter returns an error message.

what am I missing?

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

Because you're calling the API incorrectly for users.
It should be users.add.source and then the AD name, if I'm reading the documentation properly.
Refer to the API documentation: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-access-role~v1.5%20
Maor_Benamer
Explorer

Hi,

I tried to write as you wrote but I get the following error message:

set access-role name "Test_Access_Role" users.add.source "test1" machines "any" networks "any" remote-access-clients "any"

code: "generic_err_missing_required_parameters"
message: "Missing parameter: [selection]"

Any idea?

Tnx 

0 Kudos
wislleym
Contributor

I am trying to create an access role and am having difficulties. I am trying to add the active directory group called DIRECTORS. I used the command add access-role name "DIRECTORS" networks "any" machines "any" users.add.source "DIRECTORS". The output of the command indicates that the select parameter is missing, but reading the MANAGEMENT API I could not identify what this parameter would be.

0 Kudos
PhoneBoy
Admin
Admin

Definitely something missing in the API documentation as I have no idea what "selection" refers to here.
@Amiad_Stern any ideas?

wislleym
Contributor

Hello PhoneBoy. After some trying i created the access role. I used the command add access-role name "DIRETORIA" networks "any" machines "any" remote-access-client "any" users.add.source "PAINT.LOCAL__AD" users.selection "Diretoria" where PAINT.LOCAL is the name from my domain and where Diretoria is the name of my active directory group. A message was displayed stating that the requested object name [Diretoria] was not unique and that i should use the base-dn parameter to add the access role. Then i used the command add access-role name "DIRETORIA" networks "any" machines "any" remote-access-client "any" users.source "PAINT.LOCAL__AD" users.selection "Diretoria" users.base-dn "CN=Diretoria,OU=Diretoria,OU=MATRIZ,DC=paint,DC=local" color "yellow"

34.jpg

PhoneBoy
Admin
Admin

The error message was a little misleading but it does appear that's documented.
Glad you got it working.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events