IPAM.IPNode CRUD permissions broken?

For an IPAM power user, in our 4.8 environment we can update an IPNode object but in 4.9 we cannot.

Python repro code:

import requests

from orionsdk import SwisClient

verify = False

if not verify:

    from requests.packages.urllib3.exceptions import InsecureRequestWarning

    requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

def getUri(results):

    return [results['results'][0]['Uri']]

swis48 = SwisClient("solarwinds48", "ipampoweruser", "password")

swis49 = SwisClient("solarwinds49", "ipampoweruser", "password")

r48 = swis48.query("SELECT IpNodeId, Uri FROM IPAM.IPNode WHERE IPAddress='10.30.59.90'")

r49 = swis49.query("SELECT IpNodeId, Uri FROM IPAM.IPNode WHERE IPAddress='10.30.63.90'")

# This works (and the single update)

swis48.bulkupdate(getUri(r48), Status="Used", AllocPolicy="Static", Comments="test alloc1")

#Direct Update

# Fails (and single update fails too)

#swis49.bulkupdate(getUri(r49), Status="Used", AllocPolicy="Static", Comments="test alloc1")

# Exploring alternatives

#Update Status first

# Works (invoke ipam.subnetmanagement)

ip_reserve = swis49.invoke('IPAM.SubnetManagement', 'ChangeIPStatus', '10.30.63.90', 'Used')

# Fails (on CRUD operation on IPNode obj)

swis49.bulkupdate(getUri(r49), AllocPolicy="Static", Comments="test alloc1")

The exception is always:

requests.exceptions.HTTPError: 403 Client Error: Access to IPAM.IPNode denied. for url: https://solarwinds49:17778/SolarWinds/InformationService/v3/Json/BulkUpdate

Is this a regression? Workaround for now is to grant systemwide admin rights but this is not acceptable.

Parents
  • I spoke with the IPAM team about this.  IPAM currently requires a higher level of permissions to perform CRUD operations via the API than is required when performing corresponding operations via the website.  There is work planned to make this behavior consistent (internal issue IPAM-2651), but the workaround for the moment is to grant admin rights.

Reply
  • I spoke with the IPAM team about this.  IPAM currently requires a higher level of permissions to perform CRUD operations via the API than is required when performing corresponding operations via the website.  There is work planned to make this behavior consistent (internal issue IPAM-2651), but the workaround for the moment is to grant admin rights.

Children