IPAM.IPNode CRUD permissions broken?

For an IPAM power user, in our 4.8 environment we can update an IPNode object but in 4.9 we cannot.

Python repro code:

import requests

from orionsdk import SwisClient

verify = False

if not verify:

    from requests.packages.urllib3.exceptions import InsecureRequestWarning


def getUri(results):

    return [results['results'][0]['Uri']]

swis48 = SwisClient("solarwinds48", "ipampoweruser", "password")

swis49 = SwisClient("solarwinds49", "ipampoweruser", "password")

r48 = swis48.query("SELECT IpNodeId, Uri FROM IPAM.IPNode WHERE IPAddress=''")

r49 = swis49.query("SELECT IpNodeId, Uri FROM IPAM.IPNode WHERE IPAddress=''")

# This works (and the single update)

swis48.bulkupdate(getUri(r48), Status="Used", AllocPolicy="Static", Comments="test alloc1")

#Direct Update

# Fails (and single update fails too)

#swis49.bulkupdate(getUri(r49), Status="Used", AllocPolicy="Static", Comments="test alloc1")

# Exploring alternatives

#Update Status first

# Works (invoke ipam.subnetmanagement)

ip_reserve = swis49.invoke('IPAM.SubnetManagement', 'ChangeIPStatus', '', 'Used')

# Fails (on CRUD operation on IPNode obj)

swis49.bulkupdate(getUri(r49), AllocPolicy="Static", Comments="test alloc1")

The exception is always:

requests.exceptions.HTTPError: 403 Client Error: Access to IPAM.IPNode denied. for url: https://solarwinds49:17778/SolarWinds/InformationService/v3/Json/BulkUpdate

Is this a regression? Workaround for now is to grant systemwide admin rights but this is not acceptable.

Parents Reply Children