I'm trying to run the following:
$swis = Connect-Swis -Hostname $IPAMServer -Trusted
Invoke-SwisVerb -SwisConnection $swis -EntityName IPAM.SubnetManagement -Verb GetFirstAvailableIp @($subnetAddress, $subnetMask)
It works correctly when the account's IP ADDRESS MANAGER SETTINGS are set to Admin, but not when anything else like Power User. Then i will get the following error:
Invoke-SwisVerb : Access denied
Is this by design? If so, how can we restrict access of the user who need to run these scripts to certain subnets?
hello, IPAM 4.6 and lower versions require, that user must be Orion administrator to invoke API methods over IPAM entities. you can try IPAM 4.7 RC2 with more granular permissions.
The permissions for these Orion verbs correspond to the permissions used when you perform the equivalent steps from the Orion UI (when logged in with the same account). Permissions can be defined per user from the UI.
Just tested. Looks like the issue is with the AD credentials. When using local Orion account everything works fine. I can use operator role to get the first available IP. But test with AD account throwing access denied. I tried many possibly syntax of username as well as PS credentials. Any hint here?
That's the way we worked around access for accounts without admin access in Solarwinds. This is the cmdlet:
PS C:\Users\user> $swis = Connect-Swis -Trusted -Hostname solarwinds-app-server
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.