- CheckMates
- :
- Products
- :
- Developers
- :
- API / CLI Discussion
- :
- Re: Permission to create gateway object from API
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Permission to create gateway object from API
What is the permission required for API to create a gateway object?
I have created a role using custom mode so I can remove the excessive privilege later, and I have assigned all the possible privilege with write permission. I am still getting run time error when creating a simple gateway object from ansible. It works find if the role is given full write permission.
Error message below:
fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, "msg": "Command 'add-simple-gateway {u'one-time-password': u'aaa12345', u'interfaces': [{u'ipv4-network-mask': u'255.255.255.0', u'anti-spoofing': u'true', u'ipv4-address': u'10.0.1.88', u'name': u'eth0', u'topology': u'External'}, {u'anti-spoofing': u'true', u'name': u'eth1', u'topology-settings': {u'ip-address-behind-this-interface': u'network defined by the interface ip and net mask'}, u'ipv4-network-mask': u'255.255.255.0', u'ipv4-address': u'172.16.1.88', u'topology': u'Internal'}], u'name': u'demo_gateway', u'ip-address': u'192.0.1.88', u'comments': u'added by Ansible'}' failed with error message: Runtime error: Error reading XMLStreamReader: Unexpected EOF in prolog at javax.xml.stream.SerializableLocation@c1137a34. All changes are discarded and the session is invalidated."}
- Labels:
-
Object Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Technically speaking, if you have access to do it from SmartConsole and you have API access, you should also be able to do it from the API.
Can you confirm that the user is able to create a gateway object via SmartConsole using the same permissions profile?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Strangely, I could create the gateway object on Smart Console using that API admin credential, whereas creating gateway object via API call failed.
Looks like a bug?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seems that way.
In which case, we probably need a TAC case.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can create it without any issues
mgmt_cli login -u user1 -p user1 > id.txt
mgmt_cli -s id.txt add simple-gateway name "Second_Security_Gateway" ip-address "11.1.1.10" firewall "true" vpn "true" interfaces.1.name eth0 interfaces.1.ipv4-address "11.1.1.10" interfaces.1.ipv4-network-mask "255.255.255.0" interfaces.1.anti-spoofing false interfaces.1.topology EXTERNAL
mgmt_cli -s id.txt publish
mgmt_cli -s id.txt logout
Do you have "write" access to common objects? by default, it is read while creating a new profile, search for " Others"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ofir, I have tried to assign all the privilege, and everything was write access. That was why I find it strange here. See the screenshot below for what you had indicated, write privilege was assigned.
I am running R80.10 Build 435.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I’m using R80.20
Are you able to check it with R80.20 ?
I will try to check it with my R80.10 MDM and I will update - I hope to do it this week or week later