3 Replies Latest reply on Nov 12, 2014 2:17 PM by mikeghen

    What permissions does a user need to ack alerts via https?

    mikeghen

      This is a follow up question to Is it possible to acknowledge alerts programmically from a linux server?

       

      I tried to make another user "apiuser" at https://solarwinds.mydomain.com so that I could use his in my script to ack alerts:

       

      curl -k -u apiuser:password -X POST -H "Content-Type:application/json" -d "[[{\"DefinitionId\":\"88914a68-0d12-40c5-aca5-009a8284ad09\",\"ObjectId\":\"168\",\"ObjectType\":\"Node\"}]]"  https://solarwinds.brandeis.edu:17778/SolarWinds/InformationService/v3/Json/Invoke/Orion.AlertStatus/Acknowledge

       

      When I try to execute this, it just returns with no information. When I use my creds, it returns "true" and it acks the alert. What permissions does apiuser need? I believe I need to grant his some more permissions in https://solarwinds.mydomain.com/Orion/Admin/Accounts/EditAccount.aspx

        • Re: What permissions does a user need to ack alerts via https?
          tdanner

          The relevant user right is "Allow Account to Clear Events, Acknowledge Alerts and Syslogs".

           

          It's weird that you would get nothing in response when you use an account with insufficient rights. Try adding the -v option to curl and see what the response code and headers look like.

          1 of 1 people found this helpful
            • Re: What permissions does a user need to ack alerts via https?
              mikeghen

              Alright, here's what I got with -v:

               

              * About to connect() to solarwinds.mydomain.com port 17778 (#0)

              *   Trying XXX.XXX.XXX.XXX ... connected

              * Connected to solarwinds.mydomain.com (XXX.XXX.XXX.XXX) port 17778 (#0)

              * Initializing NSS with certpath: sql:/etc/pki/nssdb

              * warning: ignoring value of ssl.verifyhost

              * skipping SSL peer certificate verification

              * SSL connection using TLS_RSA_WITH_AES_128_CBC_SHA

              * Server certificate:

              *     subject: CN=SolarWinds-Orion

              *     start date: Sep 28 15:05:57 2012 GMT

              *     expire date: Dec 31 23:59:59 2039 GMT

              *     common name: SolarWinds-Orion

              *     issuer: CN=SolarWinds-Orion

              * Server auth using Basic with user 'apiuser'

              > POST /SolarWinds/InformationService/v3/Json/Invoke/Orion.AlertStatus/Acknowledge HTTP/1.1

              > Authorization: Basic YXBpdXNlcjpoTw==

              > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2

              > Host: solarwinds.mydomain.com:17778

              > Accept: */*

              > Content-Type:application/json

              > Content-Length: 96

              >

              < HTTP/1.1 403 Forbidden

              < Content-Length: 0

              < Server: Microsoft-HTTPAPI/2.0

              < Date: Wed, 12 Nov 2014 20:13:16 GMT

              <

              * Connection #0 to host solarwinds.mydomain.com left intact

              * Closing connection #0

              • Re: What permissions does a user need to ack alerts via https?
                mikeghen

                You know what, that was wierd! Turns out, my password has a special character in it and it requires me to escape it!