Hi Jim,

not really. 200 is only the Postman http return status. 

1. Yes. Other Web Service requests , for example show-host are working as expected. I'm pretty sure Postman and API are working as expected.

2. I get the UID from the mgmt_cli where the command show acces-layers returns the UIDs of my layers

3. I used name in show-acces-layer with same result.

4. I have not done the setup, as far as I know SMS. How can I be sure ? mgmt_cli show domains returns  nothing....

5. .... I've set value of show global-domain as domain parameter in the API login request. Same result as without.

Kind Regards

CC_one

Hi,

If you see this icon in the middle bottom of SmartConsole it means that you are connected to a domain management server in a MDS

and youre login payload should look like this in postman

{
  "user" : "aa",
  "password" : "aaaa",
  "domain" : "Domain Name"
}

If you just see this it means that you are connected to a SMS

and your login payload should look like this in posman

{
  "user" : "aa",
  "password" : "aaaa"
}

It would help if you post the API requests and their payloads you are using in postman as well ass the command you used in the mgmt_cli to get the UID.

Kind Regards
Jim

Hi am glad to hear that your issue was resolved. But I am not sure I understand what caused it and what was the solution.

Using a read only user you are able to list layers and see the content of the layer using the API. 

This is from mgmt_cli but it works in exactly the same way when using Postman.

[Expert@sms69:0]# # add admin with Read Only permissions
[Expert@sms69:0]# mgmt_cli -r true -d "System Data" -f json add administrator name "ro_user" password "vpn123" must-change-password false authentication-method "check point password" permissions-profile "Read Only All"
{
  "uid" : "f69cfa69-93cc-40d0-aaf9-2a964291ebb1",
  "name" : "ro_user",
  "type" : "administrator",
  "domain" : {
    "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
    "name" : "System Data",
    "domain-type" : "mds"
  },
  "email" : "",
  "phone-number" : "",
  "authentication-method" : "check point password",
  "must-change-password" : false,
  "permissions-profile" : {
    "uid" : "f4a23218-5bb9-4880-94bb-9c06b951f195",
    "name" : "Read Only All",
    "type" : "PermissionRole",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  },
  "sic-name" : "",
  "comments" : "",
  "color" : "black",
  "icon" : "General/Administrator",
  "tags" : [ ],
  "meta-info" : {
    "lock" : "unlocked",
    "validation-state" : "ok",
    "last-modify-time" : {
      "posix" : 1605866490731,
      "iso-8601" : "2020-11-20T11:01+0100"
    },
    "last-modifier" : "WEB_API",
    "creation-time" : {
      "posix" : 1605866490731,
      "iso-8601" : "2020-11-20T11:01+0100"
    },
    "creator" : "WEB_API"
  },
  "read-only" : true
}


---------------------------------------------
Time: [11:01:32] 20/11/2020
---------------------------------------------
"Publish operation"  succeeded  (100%)
[Expert@sms69:0]# # Show access layers with Read Only permissions
[Expert@sms69:0]# mgmt_cli -u ro_user -p vpn123 show-access-layers
access-layers:
- uid: "63b7fe60-76d2-4287-bca5-21af87337b0a"
  name: "Network"
  type: "access-layer"
  domain:
    uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
    name: "SMC User"
    domain-type: "domain"
from: 1
to: 1
total: 1

[Expert@sms69:0]# # Show access layer network with Read Only permissions
[Expert@sms69:0]# mgmt_cli -u ro_user -p vpn123 show-access-layer name Network
uid: "63b7fe60-76d2-4287-bca5-21af87337b0a"
name: "Network"
type: "access-layer"
domain:
  uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
  name: "SMC User"
  domain-type: "domain"
shared: false
applications-and-url-filtering: false
content-awareness: false
mobile-access: false
firewall: true
implicit-cleanup-action: "drop"
comments: ""
color: "black"
icon: "ApplicationFirewall/rulebase"
tags: []
meta-info:
  lock: "unlocked"
  validation-state: "ok"
  last-modify-time:
    posix: 1579509785872
    iso-8601: "2020-01-20T09:43+0100"
  last-modifier: "System"
  creation-time:
    posix: 1579509785831
    iso-8601: "2020-01-20T09:43+0100"
  creator: "System"
read-only: false

[Expert@sms69:0]#

Kind Regards

Jim

Hi Jim,

  Basically I had/have 2 User .  First is my admin User with Read/Write. I used this user for cli request with success.For all kind of requests.

Second user was/is a  User "api_user" with a custom permission-profile with read only. I Used "api_user" with Postman. It turned out my custom permission-profile lacks some permissions for example when reading layer information.

I changed api_user's permission-profile to the build in "Read Only All" et voila I get layer Information via Postman and Webservices.

I'm afraid I wasted your Time 😞 .... I made classical beginner failures.

1 Failure: Using 2 different User and awaiting same result

2 Failure: Not using build in permission-profile for first test

3 Failure: Awaiting a correct error . Something like " Not enough User Rights....." would have given me a hint. Instead cp returned  "code": "generic_err_object_not_found",
   "message": "Requested object [883e9de5-7c9e-4779-8c4e-1a3b8c6aa007] not found". Or even worse, returning an empty response and no failure at all. In case of show-access-     layers this was the answer :"access-layers": [], "total": 0.

Regards CC_one