cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Invoke-SwisVerb access denied when running with non admin AD account

I'm trying to run the following:

$swis = Connect-Swis -Hostname $IPAMServer -Trusted
Invoke-SwisVerb -SwisConnection $swis -EntityName IPAM.SubnetManagement -Verb GetFirstAvailableIp @($subnetAddress, $subnetMask)

It works correctly when the account's IP ADDRESS MANAGER SETTINGS are set to Admin, but not when anything else like Power User. Then i will get the following error:

Invoke-SwisVerb : Access denied

Is this by design? If so, how can we restrict access of the user who need to run these scripts to certain subnets?

Thanks

Tags (2)
0 Kudos
6 Replies
Level 11

hello, IPAM 4.6 and lower versions require, that user must be Orion administrator to invoke API methods over IPAM entities. you can try IPAM 4.7 RC2 with more granular permissions.

0 Kudos

we are on 4.8.1 HF1 having the same issue

is there any documentation on what permissions are required ?

thx

mark

0 Kudos

The permissions for these Orion verbs correspond to the permissions used when you perform the equivalent steps from the Orion UI (when logged in with the same account). Permissions can be defined per user from the UI.

0 Kudos

Just tested. Looks like the issue is with the AD credentials. When using local Orion account everything works fine. I can use operator role to get the first available IP. But test with AD account throwing access denied. I tried many possibly  syntax of username as well as PS credentials. Any hint here?

0 Kudos

See the documentation for the Connect-Swis cmdlet here:

PowerShell · solarwinds/OrionSDK Wiki · GitHub

You can use Trusted if you want to use your current credentials.  Otherwise, you'll want to use Credential.  For more details on how to do that, read this:

Get-Credential

0 Kudos

That's the way we worked around access for accounts without admin access in Solarwinds.  This is the cmdlet:

PS C:\Users\user> $swis = Connect-Swis -Trusted -Hostname solarwinds-app-server

0 Kudos