Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Firewallteam_DE
Explorer
Jump to solution

How to remove a domain from an MDS admin via API

hi all,

 

I'm trying to automate the admin deployment to and existing MDS via api.

I can easily add a domain to an administrator:

#  mgmt_cli -r true set administrator name admin123 permissions-profile.add.1.domain SGFRTDMBOQ001_domain permissions-profile.add.1.profile "Read Write All"


---------------------------------------------
Time: [16:45:45] 11/6/2019
---------------------------------------------
"Publish operation"  in progress  (60%)


---------------------------------------------
Time: [16:45:55] 11/6/2019
---------------------------------------------
"Publish operation"  succeeded  (100%)

But I'm not able to remove it:

# mgmt_cli -r true set administrator name admin123 permissions-profile.remove.domain SGFRTDMBOQ001_domain                    code: "generic_err_invalid_parameter"
message: "Invalid parameter for [permissions-profile]. Invalid value"

Executed command failed. Changes are discarded.
# mgmt_cli -r true set administrator name admin123 permissions-profile.remove.1.domain SGFRTDMBOQ001_domain
code: "generic_err_invalid_parameter"
message: "Invalid parameter for [permissions-profile]. Invalid value"

Executed command failed. Changes are discarded.
# mgmt_cli -r true set administrator name admin123 permissions-profile.remove.domain SGFRTDMBOQ001_domain permissions-profile.remove.profile "Read Write All"
code: "generic_err_invalid_parameter"
message: "Invalid parameter for [permissions-profile]. Invalid value"

Executed command failed. Changes are discarded.
#

Any ideas?

 

Cheers,

Martin

0 Kudos
1 Solution

Accepted Solutions
Jim_Oqvist
Employee
Employee

Hi Martin,

The correct format of the call would be

mgmt_cli -r true set administrator name "admin123" permissions-profile.remove "domain_name" -d "System Data" -f json

[Expert@mds10:0]# mgmt_cli -r true set administrator name "admin123" permissions-profile.remove "central-europe" -d "System Data" -f json
{
  "uid" : "f0ef6720-56fd-4929-815f-56b054f9285c",
  "name" : "admin123",
  "type" : "administrator",
  "domain" : {
    "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
    "name" : "System Data",
    "domain-type" : "mds"
  },
  "email" : "",
  "phone-number" : "",
  "authentication-method" : "check point password",
  "must-change-password" : false,
  "multi-domain-profile" : {
    "uid" : "642ba6c9-e60c-4a2d-8e18-652e2690266a",
    "name" : "Domain Manager",
    "type" : "MDPermissionRole",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  },
  "permissions-profile" : [ {
    "domain" : {
      "uid" : "ba118ab3-ac2f-4103-a095-a5c732f47479",
      "name" : "nordics",
      "type" : "FolderMirror",
      "domain" : {
        "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
        "name" : "System Data",
        "domain-type" : "mds"
      }
    },
    "profile" : {
      "uid" : "f4a23218-5bb9-4880-94bb-9c06b951f195",
      "name" : "Read Only All",
      "type" : "PermissionRole",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      }
    }
  }, {
    "domain" : {
      "uid" : "68efd634-fd04-481b-b62d-99a2a2a6a7d4",
      "name" : "All Global Domains",
      "type" : "Folder",
      "domain" : {
        "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
        "name" : "System Data",
        "domain-type" : "mds"
      }
    },
    "profile" : {
      "uid" : "f4a23218-5bb9-4880-94bb-9c06b951f195",
      "name" : "Read Only All",
      "type" : "PermissionRole",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      }
    }
  } ],
  "sic-name" : "",
  "comments" : "",
  "color" : "black",
  "icon" : "General/Administrator",
  "tags" : [ ],
  "meta-info" : {
    "lock" : "unlocked",
    "validation-state" : "ok",
    "last-modify-time" : {
      "posix" : 1560331260958,
      "iso-8601" : "2019-06-12T11:21+0200"
    },
    "last-modifier" : "WEB_API",
    "creation-time" : {
      "posix" : 1560331254376,
      "iso-8601" : "2019-06-12T11:20+0200"
    },
    "creator" : "WEB_API"
  },
  "read-only" : true
}


---------------------------------------------
Time: [11:21:02] 12/6/2019
---------------------------------------------
"Publish operation"  succeeded  (100%)

here is an example

mgmt_cli -r true add administrator name "admin123" password "vpn123" must-change-password false authentication-method "INTERNAL_PASSWORD" multi-domain-profile "domain manager" permissions-profile.1.domain "nordics" permissions-profile.1.profile "read only all" -d "System Data" -f json
mgmt_cli -r true set administrator name "admin123" permissions-profile.add.1.domain "central-europe" permissions-profile.add.1.profile "read write all" -d "System Data" -f json
mgmt_cli -r true set administrator name "admin123" permissions-profile.remove "central-europe" -d "System Data" -f json

 

Kind Regards
Jim

View solution in original post

2 Replies
Jim_Oqvist
Employee
Employee

Hi Martin,

The correct format of the call would be

mgmt_cli -r true set administrator name "admin123" permissions-profile.remove "domain_name" -d "System Data" -f json

[Expert@mds10:0]# mgmt_cli -r true set administrator name "admin123" permissions-profile.remove "central-europe" -d "System Data" -f json
{
  "uid" : "f0ef6720-56fd-4929-815f-56b054f9285c",
  "name" : "admin123",
  "type" : "administrator",
  "domain" : {
    "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
    "name" : "System Data",
    "domain-type" : "mds"
  },
  "email" : "",
  "phone-number" : "",
  "authentication-method" : "check point password",
  "must-change-password" : false,
  "multi-domain-profile" : {
    "uid" : "642ba6c9-e60c-4a2d-8e18-652e2690266a",
    "name" : "Domain Manager",
    "type" : "MDPermissionRole",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    }
  },
  "permissions-profile" : [ {
    "domain" : {
      "uid" : "ba118ab3-ac2f-4103-a095-a5c732f47479",
      "name" : "nordics",
      "type" : "FolderMirror",
      "domain" : {
        "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
        "name" : "System Data",
        "domain-type" : "mds"
      }
    },
    "profile" : {
      "uid" : "f4a23218-5bb9-4880-94bb-9c06b951f195",
      "name" : "Read Only All",
      "type" : "PermissionRole",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      }
    }
  }, {
    "domain" : {
      "uid" : "68efd634-fd04-481b-b62d-99a2a2a6a7d4",
      "name" : "All Global Domains",
      "type" : "Folder",
      "domain" : {
        "uid" : "a0eebc99-afed-4ef8-bb6d-fedfedfedfed",
        "name" : "System Data",
        "domain-type" : "mds"
      }
    },
    "profile" : {
      "uid" : "f4a23218-5bb9-4880-94bb-9c06b951f195",
      "name" : "Read Only All",
      "type" : "PermissionRole",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      }
    }
  } ],
  "sic-name" : "",
  "comments" : "",
  "color" : "black",
  "icon" : "General/Administrator",
  "tags" : [ ],
  "meta-info" : {
    "lock" : "unlocked",
    "validation-state" : "ok",
    "last-modify-time" : {
      "posix" : 1560331260958,
      "iso-8601" : "2019-06-12T11:21+0200"
    },
    "last-modifier" : "WEB_API",
    "creation-time" : {
      "posix" : 1560331254376,
      "iso-8601" : "2019-06-12T11:20+0200"
    },
    "creator" : "WEB_API"
  },
  "read-only" : true
}


---------------------------------------------
Time: [11:21:02] 12/6/2019
---------------------------------------------
"Publish operation"  succeeded  (100%)

here is an example

mgmt_cli -r true add administrator name "admin123" password "vpn123" must-change-password false authentication-method "INTERNAL_PASSWORD" multi-domain-profile "domain manager" permissions-profile.1.domain "nordics" permissions-profile.1.profile "read only all" -d "System Data" -f json
mgmt_cli -r true set administrator name "admin123" permissions-profile.add.1.domain "central-europe" permissions-profile.add.1.profile "read write all" -d "System Data" -f json
mgmt_cli -r true set administrator name "admin123" permissions-profile.remove "central-europe" -d "System Data" -f json

 

Kind Regards
Jim

Firewallteam_DE
Explorer
yep, now it's working. Thank you. Cheers, Martin
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events