Granting technicians port-level configuration access

Crocker
Building a reputation

Granting technicians port-level configuration access

I'm looking to allow our help desk techs to adjust non-trunk switchports. For example, swapping VLAN assignments when moving different bits of hardware around (phones, desktops, printers, etc).

 

I see that we can create a switchport tag, and grant that tag the ability to modify switchports. With an API script, I can determine if a port is an Access or Trunk port, and assign the tag appropriately. I see that the switchport tag privilege propagates to all networks, which is great; However, I don't see an immediately obvious way to grant a user (or a SAML role) the privilege across the across the board. It appears that I have to add this privilege for each network within our organization to that user (or SAML role)?

 

Am I missing something obvious?

4 REPLIES 4
RaphaelL
Kind of a big deal
Kind of a big deal

Hi ,

 

You would need to update the saml Roles with this endpoint : https://developer.cisco.com/meraki/api-latest/#!get-organization-saml-roles

and : https://developer.cisco.com/meraki/api-latest/#!update-organization-saml-role

 

The 'get' endpoint returns something like : 

 

[{"id":"XXXXX","role":"Read","orgAccess":"read-only","networks":[{"id":"XXXXXXX","access":"switchport","privilegeName":"PORT_PRIVILEGE_NAME"}]}]

 

You would need to repeat the update process for every desired network.

 

Documentation says it 'must' be the 'default roles' but I haven't tried it yet but since I can 'get' the info that I have tested for a single network , I don't see why I couldn't POST the payload for other networks.

 

 

Good luck ! 

Crocker
Building a reputation

I'll give that a try and see how it plays, good suggestion.

 

Honestly was hoping I could use a network tag to tie the switchport modify privileges to a subset of networks to put a nice little bow on this, but when I try to do that I don't see the switchport access tag as an option...bummer.

RaphaelL
Kind of a big deal
Kind of a big deal

Yep ! This is a real bummer ! 

 

I tried to attach a network tag to a port privilege in the past and it wasn't available ( and still not available to this day sadly ) 

Crocker
Building a reputation

Took a swing at this this morning and all I'm getting when I try to PUT against  https://developer.cisco.com/meraki/api-latest/#!update-organization-saml-role the endpoint as documented is either 400 Bad Request or "There was a problem with the JSON you submitted".

 

I may be doing something wrong but...I dunno. Just for grins, I copied a Request Body example, generated with the form from the endpoint documentation, using just the default values (read-only for org, full access for network) and it just blows up. Curious.

Get notified when there are additional replies to this discussion.