3 Replies Latest reply on Dec 5, 2011 8:27 AM by andrep1

    minimum permissions required for web api/python

    andrep1

      When I use the wep api, an account part of "Global Reviewer " returns blank results but Global Admin works fine.

      Anyone else have this issue so I can have a defect open?

        • 1. Re: minimum permissions required for web api/python
          jking

          For what command?  The web API goes through the same permission enforcement as the normal UI, so if the account couldn't have seen the data or taken the action in the UI, the web API shouldn't show them either. 

           

          For some commands you may get a permission error, but for some the command can execute fine, but the account just may not have access to any data so you'll get an empty response.  The command help generally should say what permission is required to execute it ...

           

          For example,

           

          jking@ Python26 $ curl --silent -qk -u <uname>:<pass> 'https://<hostname>:8443/remote/core.help?command=system.move'

          OK:

          system.move names parentGroupId [autoSort]

          Moves systems to a specified destination group by name or ID as returned by

          system.find command.

          Requires System Tree edit permission

          Parameters:

          [names (param 1) | ids] - You need to either supply the "names" with a comma

          separated list of names/ip addresses or a comma separated list of "ids".

          parentGroupId (param 2) - ID for parent group as returned by system.findGroups

          command

          autoSort (param 3) - If true, system is enabled for sorting. Defaults to

          false.

          jking@ Python26 $

           

          or for a python example,

           

          >>> import mcafee

          >>> mc = mcafee.client('hostname','8443','uname','pass')

          >>> mc.help(command='system.find')

          system.find searchText

          Find systems in the ePO tree by name, IP address, MAC address, user name, agent

          GUID or tag.  Returns a list of database ids that can be used as input to any of

          the system commands.

          Requires permission to at least one group in the System Tree

          Parameters:

          searchText (param 1) - Search text can be IP address, MAC address, user name,

          agent GUID or tag

          >>>

           

          Our command framework expects all commands to return a string describing what permission is required to run the command.

           

          Jon

          1 of 1 people found this helpful
          • 2. Re: minimum permissions required for web api/python
            andrep1

            Just a simple query, and the test account being global review it would (and it has) access to the complete system tree from the top.

            I'm going to investigate more.

            • 3. Re: minimum permissions required for web api/python
              andrep1

              Looks like it is a messed up migrated permission set, I I redefined the system tree access to the exact same thing it was before then it now works. The import/export feature doesn't work so well...