Hi Everyone,
I'm running VMware NSX 3.2.2. I created a custom role (security: full access, inventory: full access and the rest read-only).
I added an AD user and bound the custom role to the user. When I create a DFW policy and rule with this AD user through the UI it works, whereas when I try to create the same rule through the API with Postman, I get a 403 error: user is not authorized.
Has someone come across this issue?
Thanks
Regarding the authentication, everything is OK. When I GET a request everything is OK. The only issue is when I want to PATCH a request regarding DFW. When I change the custom role to a built-in role (security admin) the same payload works fine. I looked into the nsxapi.log and I found an ERROR message mentioning that "incoming role null is not authorized to access API with rbac_feature domain_admin having required_permission curd".
I looked at the role-with-feature and the admin_domain required_permission value is "read". I can't change that.
Have you made sure to authorize before you tried to edit the rule? You can find the authentication information here (scroll down to "Request Authentication").
https://developer.vmware.com/apis/1733/nsx-t/
If your authentication is okay, have you tried a GET request to see if that works?
In addition, your endpoint doesn't seem to be complete. If you want to create a rule, you'd use something like
PUT /policy/api/v1/infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}
or
PUT /policy/api/v1/infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}
Thank you. I used the policy API: PATCH /policy/api/v1/infra to do that, but I had the error I mentioned above.
Hope the below link will help:
https://developer.vmware.com/apis/976/nsx-t/