This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Invoke-SwisVerb access denied when running with non admin AD account

sasler over 5 years ago

I'm trying to run the following:

$swis = Connect-Swis -Hostname $IPAMServer -Trusted
Invoke-SwisVerb -SwisConnection $swis -EntityName IPAM.SubnetManagement -Verb GetFirstAvailableIp @($subnetAddress, $subnetMask)

It works correctly when the account's IP ADDRESS MANAGER SETTINGS are set to Admin, but not when anything else like Power User. Then i will get the following error:

Invoke-SwisVerb : Access denied

Is this by design? If so, how can we restrict access of the user who need to run these scripts to certain subnets?

Thanks

0 maryan.dmytriv over 5 years ago

hello, IPAM 4.6 and lower versions require, that user must be Orion administrator to invoke API methods over IPAM entities. you can try IPAM 4.7 RC2 with more granular permissions.
Cancel
Vote Up 0 Vote Down

Cancel
0 mtalas over 4 years ago in reply to maryan.dmytriv

we are on 4.8.1 HF1 having the same issue
is there any documentation on what permissions are required ?
thx
mark
Cancel
Vote Up 0 Vote Down

Cancel
0 dan_jagnow over 4 years ago in reply to mtalas

The permissions for these Orion verbs correspond to the permissions used when you perform the equivalent steps from the Orion UI (when logged in with the same account). Permissions can be defined per user from the UI.
Cancel
Vote Up 0 Vote Down

Cancel
0 mtalas over 4 years ago in reply to dan_jagnow

Just tested. Looks like the issue is with the AD credentials. When using local Orion account everything works fine. I can use operator role to get the first available IP. But test with AD account throwing access denied. I tried many possibly syntax of username as well as PS credentials. Any hint here?
Cancel
Vote Up 0 Vote Down

Cancel
0 dan_jagnow over 4 years ago in reply to mtalas

See the documentation for the Connect-Swis cmdlet here:
PowerShell · solarwinds/OrionSDK Wiki · GitHub
You can use Trusted if you want to use your current credentials. Otherwise, you'll want to use Credential. For more details on how to do that, read this:
Get-Credential
Cancel
Vote Up 0 Vote Down

Cancel
0 wlouisharris over 4 years ago in reply to dan_jagnow

That's the way we worked around access for accounts without admin access in Solarwinds. This is the cmdlet:
PS C:\Users\user> $swis = Connect-Swis -Trusted -Hostname solarwinds-app-server
Cancel
Vote Up 0 Vote Down

Cancel