Custome Role permission failing with curl command but success with EdgeUI

I need to create a custom Role in my Management Server.

When I created with the curl command only half of the permissions are working:

Role A: 1. get/put/delete Products

2. get/put/delete Developers

When I go to Developers it prompt Insufficient permission.

Now, when I created the custom role in the UI . I have not issues.

Management server commands should be more efficient.

What should I do in this case ? Why UI custom role is working and commands are not.

1 9 319
9 REPLIES 9

HI @nathalylozano - few questions to help you quickly:

  1. Would it be possible to share the payload you used ?
  2. Is this Apigee on public cloud or private cloud ? If private, which version?
  3. Also please share the error response you are getting from the API calI

The API call doenst show any errors. It shows Success.

But when I go to the UI it shows insufficient permissions. I check the resource permissions for that role and they are there.

I have a 17.05 version.

Can you provide the screenshot (trying to see which page/resource you are on) also the permission response for the custom role. Want to be sure you have the correct permissions ?

Screen shots from:

1. GET command v1/o/dev-int-oa/userroles/API-Product-Owner/permissions

2. Adding the Role to me

3. checking the permission of the Role UI

4. Error in the UI

5886-screen-shot-2017-11-07-at-22615-pm.png

5887-screen-shot-2017-11-07-at-22605-pm.png

5888-screen-shot-2017-11-07-at-22527-pm.png

5885-screen-shot-2017-11-07-at-22642-pm.png

Thanks for sharing. The permissions looks right to me.

Two things I would ask you to try

1) Remove the role from the user. Log out and login using that user to make sure the permissions are working. Then add it back to the user. Logout and login using that user again.

2) If the above doesnt work, delete the role you created. Recreate them (either using UI or API) and assign to user.

Think it must be something with the runtime. But could be wrong. The above are worth a try

Hi,

I already completed those steps.

I deleted the user / deleted the role/ recreate the role / add the permissions again and add the user back. I even try with multiple users and its the same issue..

API should worked better than UI. As per automation I run the API call .. whihc is failing

That sucks !

Can you raise a support ticket with all the details?

A few /environments/* permissions are not allowed using the management API. These default permissions are granted when creating role through the UI.

For roles that require a user to login to Edge UI it is best to create the role using the UI and then adjust permissions using management API.

For machines user roles you can start from the management API.

I'm not sure what you're talking about. In this context, the user roles are in conjunction with an organization, not an environment. As an organization owner or administrator, you can access any route of the management API, including creating roles with specific permissions.

What purpose would an API be if you had less access than using a UI, especially for basic functionality like this?