RESTful knowledge exchange
Post Reply
rvvliet78
Novice
Posts: 3
Liked: 1 time
Joined: Apr 26, 2017 9:43 am
Full Name: Rick van Vliet
Contact:

API permissions

Post by rvvliet78 » 1 person likes this post

Hi,

I would like to submit a feature in the permissions of the rest API.

In our environment we have an Infra team who are responsible for the backup servers and they configure the jobs and we have Teams dedicated to serving customers. As each customer team has their own monitoring server they would like to use the Rest API to get the latest job status and failed jobs and stuff.

At the moment this information is only available with a user within Veeam that has full Admin permissions. If I give the teams a user account with admin permissions they can potentially remove jobs for other teams or restore VM's from other teams.
Some of our customers have sensitive data that the team serving them is only allowed to access, if someone from another team can change his permissions via the api they can access this data which will cause ISO certification issues.

It is however not a problem for them to see if jobs of other teams are successfull or fail so a "Read-only" permission would be more then sufficient.

Kind Regards,

Rick

dhc
Service Provider
Posts: 2
Liked: never
Joined: Feb 07, 2018 2:17 pm
Full Name: David Haynes
Contact:

[MERGED] Minimum permission required?

Post by dhc »

I would like to use the REST API in a read-only mode except for the required POST to get the access token. What is the minimum permission required so that I can read elements like /backups/{id}, /restorepoints and /cloud/tenants? Does it have to the 'Admin' or is there some lesser permission role?

Thanks

veremin
Product Manager
Posts: 18364
Liked: 1802 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: API permissions

Post by veremin »

Currently only users with Admin permissions can operate with RESTful APIs, but consider your feature request noted. Thanks.

benyoung
Veeam Vanguard
Posts: 144
Liked: 46 times
Joined: May 25, 2016 3:29 am
Full Name: Ben Young
Contact:

Re: API permissions

Post by benyoung »

We do a similar thing here in our multi tenant environment - achieving this by effectively fronting the veeam environment via our own API - as we do with the other systems, vCenter, Fortinet etc

Although it is a bit of work you can control exactly what you want people to access as well as augment that information with other data sources if required and quite often we have our schema different by prefetching other related data from veeam at the same time, such as job sessions/restore point data to prevent multiple calls having to be made if that is the intended use for the data

spine
Service Provider
Posts: 12
Liked: never
Joined: Mar 13, 2019 8:33 pm
Full Name: Steven Pine
Contact:

Re: API permissions

Post by spine »

Are there any updates to this question? We also are in need of multiple read only credentials to a variety of clients enterprise api portals.

nielsengelen
Veeam Software
Posts: 4183
Liked: 856 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: API permissions

Post by nielsengelen »

Currently no update yet when this will be added however your feature request is noted.
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen

masonit
Service Provider
Posts: 274
Liked: 17 times
Joined: Oct 09, 2012 2:30 pm
Full Name: Magnus
Contact:

Re: API permissions

Post by masonit »

Hi

Think I have the same request as others in this thread.

I am doing some testing with Veeam vCloud self service portal and also its rest api. Api works fine as an administrator. But when trying to connect to Api using an vCloud tenant account. Then I can't connect. Shouldn't a vCloud tenant user be able to connect to Veeam self service rest api and manage their own jobs/backups/restore through rest api? In the same way as they can manage them using the web portal?

\Masonit

veremin
Product Manager
Posts: 18364
Liked: 1802 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: API permissions

Post by veremin »

We have this functionality only for Cloud Connect Backup & Replication tenants.

Let's consider your post as a feature request for future product versions.

Thanks!

masonit
Service Provider
Posts: 274
Liked: 17 times
Joined: Oct 09, 2012 2:30 pm
Full Name: Magnus
Contact:

Re: API permissions

Post by masonit »

Please do. Big limitation when customer can create vCloud vms with api. But not backup.

\Masonit

veremin
Product Manager
Posts: 18364
Liked: 1802 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: API permissions

Post by veremin »

Got it, your voice has been heard. Thanks!

mchavigny
Novice
Posts: 5
Liked: 2 times
Joined: Aug 26, 2019 1:16 pm
Contact:

[MERGED] Enterprise manager - Read Only user for API

Post by mchavigny »

Hi everybody,

I try to create Read Only user to request API.
I my user have a role different of "Portal Administrator", I can't show job in Rest API (but backup view work) :

Code: Select all

{
  "FirstChanceExceptionMessage": null,
  "Message": "Access denied.",
  "StackTrace": null,
  "Status": null,
  "StatusCode": 403
}
In fact, this problem not occured in Webpage, I can view job, but NOT in api with 'https://veeamenterprisemanager:9398/api/query?type=job' url

Can you know how to create a Read Only user with privilege to Read Job in RestAPI with Veeam Backup Enterprise Manager 9.5u4 ?

Best regards,

Vitaliy S.
Product Manager
Posts: 24862
Liked: 2093 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: API permissions

Post by Vitaliy S. »

Today, RESTful API account requires admin privileges, please take a look at the existing topic for more info.

veremin
Product Manager
Posts: 18364
Liked: 1802 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: API permissions

Post by veremin »

Also, if you describe the use case (or situation you're struggling with) in more details, it would help us to estimate the feature request better. Thanks!

BramV
Novice
Posts: 4
Liked: never
Joined: May 11, 2015 3:10 pm
Full Name: Bram
Contact:

Re: API permissions

Post by BramV »

This is another request for adding a read-only user.
Use case: This could then be used in job monitoring scripts. Now with the required admin privileges, if the monitoring server is compromised, the backup system can be compromised.

It seems a regular non-admin user can see all job and server stats on the dashboard homepage but can't request them using the API

oleg.feoktistov
Veeam Software
Posts: 857
Liked: 305 times
Joined: Sep 25, 2019 10:32 am
Full Name: Oleg Feoktistov
Contact:

Re: API permissions

Post by oleg.feoktistov » 1 person likes this post

Yes, this feature is under consideration. Thank you!

jw_ic
Enthusiast
Posts: 32
Liked: never
Joined: Oct 25, 2017 1:26 pm
Full Name: James Wuerflein
Contact:

Re: API permissions

Post by jw_ic »

BUMP! I would also like to see a backup operator type role for API requests vs full admin

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests