Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1633
Views
15
Helpful
5
Replies

vManage API Permission

Vennila
Level 1
Level 1

‎08-21-2019 01:48 AM

Hi,

 

In the vManage apidocs, apis are arranged with reference to resource collection. And permission for the apis will be enabled with the reference to feature selection.

 

Would like to understand for a specific feature, what are all the available APIs. For instance, if we enable Interface Read permission for a user group, then what are all the APIs that user can invoke successfully?

 

Thanks in advance!

 

Regards,

Vennila

Labels:
0 Helpful
5 Replies 5

msuchand
Cisco Employee
Cisco Employee

‎08-21-2019 02:32 AM

Hi,

 

RBAC rules are same for GUI and APIs.

 

For example if user belongs to operator group, user can only view the information and can't do configuration on vManage GUI and similarly the user will not be able to trigger the API calls related to configuration of policies or templates. 

 

Thanks,
Sai

Vennila
Level 1
Level 1
In response to msuchand

‎09-01-2019 06:53 AM

Hi,

Thanks for your response!

I would like to know how the rbac is set for vmanage apis.

i.e., if user fires any api listed in apidocs, how vmanage knows whether to send the response or block the request.

Is there any way to know what is the rbac set for those apis.

Thanks in advance!
0 Helpful

msuchand
Cisco Employee
Cisco Employee
In response to Vennila

‎09-03-2019 12:42 AM

Hi, 

 

For example if the user-id belongs to user group netadmin or custom user group test, then we can use URI : https://vmanage-ip/dataservice/admin/usergroup and GET request to this returns the RBAC rules in below format. 

 

"data": [ { "groupName": "test",

               "tasks": [

               { "feature": "Policy",

                 "enabled": true,

                "read": true,

               "write": false },

            { "feature": "Routing",

             "enabled": true,

             "read": true,

             "write": false },

<snip>

 

Based on above key values for "read" and "write" respective response will be returned as API response. If "write" is false for feature policy and if user tries to edit the policy configuration using API then response would be 403. 

 

Thanks,
Sai

Vennila
Level 1
Level 1
In response to msuchand

‎09-03-2019 12:48 AM

Hi,



Thanks for the response!



But could we know the apis associated to a feature? For example, if user is assigned to Interface feature with Write operation, then what are all the apis(listed in apidocs) he can access.



Can you please help!



Thanks in Advance!


0 Helpful

msuchand
Cisco Employee
Cisco Employee
In response to Vennila

‎09-03-2019 01:37 AM

Hi, 

 

We don't have API call or single doc to find associated API URLs for a RBAC category However, we can use below links to correlate the information. 

 

For example if user has read permission for Interface category then user can run commands like "show interface" , "show arp" etc. ( please check section "User Group Authorization Rules for Operational Commands" in link https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/SD-WAN_Release_16.3/02System_and_Interfaces/01_System_and_Interfaces_Overview/Role-Based_Access_with_AAA ) 

 

Now similar we have link ( https://sdwan-docs.cisco.com/Product_Documentation/Command_Reference/Command_Reference/vManage_REST_APIs/Real-Time_Monitoring_APIs/Interface ) which maps the CLI command to API URL. 

 

We can identify the commands available for each RBAC category in the first link and in the second link we can see the API URLs associated for that command. 

 

Thanks,
Sai

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card