1 of 1 people found this helpful
For what command? The web API goes through the same permission enforcement as the normal UI, so if the account couldn't have seen the data or taken the action in the UI, the web API shouldn't show them either.
For some commands you may get a permission error, but for some the command can execute fine, but the account just may not have access to any data so you'll get an empty response. The command help generally should say what permission is required to execute it ...
jking@ Python26 $ curl --silent -qk -u <uname>:<pass> 'https://<hostname>:8443/remote/core.help?command=system.move'
system.move names parentGroupId [autoSort]
Moves systems to a specified destination group by name or ID as returned by
Requires System Tree edit permission
[names (param 1) | ids] - You need to either supply the "names" with a comma
separated list of names/ip addresses or a comma separated list of "ids".
parentGroupId (param 2) - ID for parent group as returned by system.findGroups
autoSort (param 3) - If true, system is enabled for sorting. Defaults to
jking@ Python26 $
or for a python example,
>>> import mcafee
>>> mc = mcafee.client('hostname','8443','uname','pass')
Find systems in the ePO tree by name, IP address, MAC address, user name, agent
GUID or tag. Returns a list of database ids that can be used as input to any of
the system commands.
Requires permission to at least one group in the System Tree
searchText (param 1) - Search text can be IP address, MAC address, user name,
agent GUID or tag
Our command framework expects all commands to return a string describing what permission is required to run the command.
Just a simple query, and the test account being global review it would (and it has) access to the complete system tree from the top.
I'm going to investigate more.
Looks like it is a messed up migrated permission set, I I redefined the system tree access to the exact same thing it was before then it now works. The import/export feature doesn't work so well...