I'm looking to allow our help desk techs to adjust non-trunk switchports. For example, swapping VLAN assignments when moving different bits of hardware around (phones, desktops, printers, etc).
I see that we can create a switchport tag, and grant that tag the ability to modify switchports. With an API script, I can determine if a port is an Access or Trunk port, and assign the tag appropriately. I see that the switchport tag privilege propagates to all networks, which is great; However, I don't see an immediately obvious way to grant a user (or a SAML role) the privilege across the across the board. It appears that I have to add this privilege for each network within our organization to that user (or SAML role)?
You would need to repeat the update process for every desired network.
Documentation says it 'must' be the 'default roles' but I haven't tried it yet but since I can 'get' the info that I have tested for a single network , I don't see why I couldn't POST the payload for other networks.
I'll give that a try and see how it plays, good suggestion.
Honestly was hoping I could use a network tag to tie the switchport modify privileges to a subset of networks to put a nice little bow on this, but when I try to do that I don't see the switchport access tag as an option...bummer.
I may be doing something wrong but...I dunno. Just for grins, I copied a Request Body example, generated with the form from the endpoint documentation, using just the default values (read-only for org, full access for network) and it just blows up. Curious.