Bryan_Lee
Employee Alumnus

Permission to create gateway object from API

What is the permission required for API to create a gateway object?

I have created a role using custom mode so I can remove the excessive privileges later, and I have assigned all the possible privileges with write permission. I am still getting a runtime error when creating a simple gateway object from Ansible. It works fine if the role is given full write permission.

Error message below:

fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, "msg": "Command 'add-simple-gateway {u'one-time-password': u'aaa12345', u'interfaces': [{u'ipv4-network-mask': u'255.255.255.0', u'anti-spoofing': u'true', u'ipv4-address': u'10.0.1.88', u'name': u'eth0', u'topology': u'External'}, {u'anti-spoofing': u'true', u'name': u'eth1', u'topology-settings': {u'ip-address-behind-this-interface': u'network defined by the interface ip and net mask'}, u'ipv4-network-mask': u'255.255.255.0', u'ipv4-address': u'172.16.1.88', u'topology': u'Internal'}], u'name': u'demo_gateway', u'ip-address': u'192.0.1.88', u'comments': u'added by Ansible'}' failed with error message: Runtime error: Error reading XMLStreamReader: Unexpected EOF in prolog at javax.xml.stream.SerializableLocation@c1137a34. All changes are discarded and the session is invalidated."}

0 Kudos
6 Replies
PhoneBoy
Admin

Technically speaking, if you have access to do it from SmartConsole and you have API access, you should also be able to do it from the API.

Can you confirm that the user is able to create a gateway object via SmartConsole using the same permissions profile?

0 Kudos
Bryan_Lee
Employee Alumnus

Strangely, I could create the gateway object in SmartConsole using that API admin credential, whereas creating the gateway object via an API call failed.

Looks like a bug?

0 Kudos
PhoneBoy
Admin

Seems that way.

In which case, we probably need a TAC case.

0 Kudos
Ofir_Shikolski
Employee Alumnus

I can create it without any issues :)

mgmt_cli login -u user1 -p user1 > id.txt
mgmt_cli -s id.txt add simple-gateway name "Second_Security_Gateway" ip-address "11.1.1.10" firewall "true" vpn "true" interfaces.1.name eth0 interfaces.1.ipv4-address "11.1.1.10" interfaces.1.ipv4-network-mask "255.255.255.0" interfaces.1.anti-spoofing false interfaces.1.topology EXTERNAL
mgmt_cli -s id.txt publish
mgmt_cli -s id.txt logout

Do you have "write" access to common objects? By default, it is read when creating a new profile. Search for "Others".

0 Kudos
Bryan_Lee
Employee Alumnus

Hi Ofir, I have tried to assign all the privileges, and everything was write access. That is why I find it strange here. See the screenshot below for what you had indicated; write privilege was assigned.

I am running R80.10 Build 435. 

Privilege assigned to api_admin role (Others)

0 Kudos
Ofir_Shikolski
Employee Alumnus

I’m using R80.20.

Are you able to check it with R80.20?

I will try to check it with my R80.10 MDM and I will update. I hope to do it this week or a week later.

0 Kudos
