Forum Discussion

COMMS-CORE_1795's avatar
COMMS-CORE_1795
Icon for Nimbostratus rankNimbostratus
Jun 16, 2016

Access role guest /mgmt/tm/ltm/virtual/stats to catch statistics

Good morning; I need that a local authentication user can access the /mgmt/tm/ltm/virtual/stats route so you can take your partition statistics without visibility of the other partitions. The problem is that when assigning the role guest gives me the following error:

 

{"code":401,"message":"Authorization failed: user=prueba resource=/mgmt/tm/ltm/virtual/stats verb=GET Uri: Referer:null","restOperationId":141380,"errorStack":["java.lang.SecurityException: Authorization failed: user=prueba resource=/mgmt/tm/ltm/virtual/stats verb=GET Uri: Referer:null","at com.f5.rest.workers.ForwarderWorker.evaluatePermission(ForwarderWorker.java:420)","at com.f5.rest.workers.ForwarderPassThroughWorker.onForward(ForwarderPassThroughWorker.java:191)","at com.f5.rest.workers.ForwarderPassThroughWorker.onGet(ForwarderPassThroughWorker.java:321)","at com.f5.rest.common.RestWorker.callDerivedRestMethod(RestWorker.java:735)","at com.f5.rest.common.RestWorker.callRestMethodHandler(RestWorker.java:702)","at com.f5.rest.common.RestServer.processQueuedRequests(RestServer.java:1092)","at com.f5.rest.common.RestServer.access$000(RestServer.java:45)","at com.f5.rest.common.RestServer$1.run(RestServer.java:136)","at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)","at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)","at java.lang.Thread.run(Thread.java:722)\n"]}

 

the LTM version is 11.5.1.5.0.147-HF5 thank you.

 

devops
iControl
LTM
security

2 Replies

Sort By
  • Arnaud_Lemaire's avatar
    Arnaud_Lemaire
    Icon for Employee rankEmployee
    Jun 16, 2016

    i think it is only starting in 11.6 that you can define non admin roles for REST API. can you test if you can see anything with admin account in /mgmt/shared/authz/roles ?

     

  • COMMS-CORE_1795's avatar
    COMMS-CORE_1795
    Icon for Nimbostratus rankNimbostratus
    Jun 16, 2016

    Hi; do I tried to login with the user I created for testing to the url that you specified, the user has the role guest and I have found that to that resource if it has access and returns me the following message, is there any way to give permissions to this role guest to gain access to the resource that I indicated earlier or would have that upgrade of devices?.

     

    {"selfLink":"","totalItems":0,"items":[],"generation":10,"kind":"shared:authz:roles:rolescollectionstate","lastUpdateMicros":1466004021086162}

     

    Thank you