Hi All - we’re running CheckMK 2.3.0p29 enterprise. On the left hand side under “Help” there is REST API documentation with an interactive UI. I’m unable to find any permissions which controls access to this - is it reserved for admins only? I can view it (I’m an admin) but we have other users interested in using the REST API for reporting and when they click on the REST API documentation link they receive a 401 error. I’m not keen to make these users admins - is there a way to get access to the documentation without being one? Thanks
Hi Asher,
I’m not aware of a permission for the rest-api docs or interactive UI, but if the users are interested in the REST-API, won’t they need a playground anyway? Maybe setting up a separate sandbox/dev instance where they can have all the admin rights they want to test their api calls (and eventually create themselves users with less permissions to test if their API use still works ;)) would be easiest?
Gerd
1 Like
Thanks Gerd. I forgot to mention that I’m looking to limit this user to only queries (ie pulling graphs for things like CPU historically). However, the API obviously lets them do a whole lot more. I’ll look into making a sandbox for them.
Hi Asher,
the API follows the same permissions that the user has when using the Web-UI. I.e. if your user can create rules manually, they would also be able to create them over the API.
(If you find a REST-API call that does allow the user to do something they aren’t allowed to do in the web-UI, that would be a security bug.)
Gerd