- Community Home
- >
- Networking
- >
- IMC
- >
- HPE IMC-RS permission
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2020 10:56 PM - edited 10-22-2020 10:57 PM
10-22-2020 10:56 PM - edited 10-22-2020 10:57 PM
HPE IMC-RS permission
Hello
We are implementing integration between HPE IMC and Zabbix via IMC-RS Rest API, and we would like to limit what IMC-RS commands IMC operator, used by Zabbix, could access. In IMC-RS documentation I've found this:
<...>
By default, an operator can use all RESTful services offered by iMC-RS, regardless of the
operation rights restricted by the group to which the operator belongs.
<...>
Based on this, I guess there should be some way to configure what IMC-RS services are available to operator, but haven't found a way to configure this.
Is this possible?
IMC version: E0703
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2020 03:03 AM
10-23-2020 03:03 AM
Re: HPE IMC-RS permission
Hello,
I think the way that it's described as "by default" might lead you to think it's possible to restrict the API, but there is no such option. It's only possible to restrict access to the API in the sense that you can prevent the operator from executing any requests that modify iMC.
See this question in the FAQ of API docs:
Why error code 403 is returned when a service of the PUT/POST/DELETE operation type is called but the GET service can be correctly called?
To ensure data security, the RESTful web services framework allows only operators with the privilege to call RESTful Web Services Call to access services of the PUT/POST/DELETE operation type.
This is the only restriction you could implement, and it is done by creating a new Operator Group (System > Operator Management > Operator Group) without the privilege of System - Resource Management > RESTful Web Services Call. Then you add your API operator to that operator group, and it will no longer be able to modify anything.
It's either that, or full API access - even if you restrict access to other features in the Operator Group, this will only affect the GUI access when the operator logs in, and not the API.
Justin
Working @ HPE