Meraki

Community

Update Port Management Privilege

Stoerfaktor
Here to help
‎Jun 30 2022 1:37 PM
‎Jun 30 2022 1:37 PM

Update Port Management Privilege

Hi all, I try to update the port management privileges of several users over roughly 200 networks. While I can update the admin with network rights, the api does not accept when I try to update the port management privileges. It seems to me that it cannot be done right now, but perhaps someone here has some more info?

 

What works:

 

dashboard.organizations.updateOrganizationAdmin(
        org_id,
        admin_id,
        networks=[{'id': net, 'access': "read-only"}]

 

What does not work:

 

dashboard.organizations.updateOrganizationAdmin(
        org_id,
        admin_id,
        networks=[{'id': net, 'access': "switchport", 'privilegeName': 'CustomerAdmin'}]
 

It gives me an error that the access must be "full, read-only, guest-ambassador or monitor-only".

 

However, when I do a getOrganizationAdmin, this is what I get:

 

{'id': '*snip*',
'name': 'some name',
'email': 'some_email@domain.com',
'authenticationMethod': 'Email',
'orgAccess': 'read-only',
'accountStatus': 'ok',
'twoFactorAuthEnabled': False,
'hasApiKey': True,
'lastActive': '2022-06-30T11:23:36Z',
'networks': [{'id': 'some_id',
'access': 'switchport',
'privilegeName': 'CustomerAdmin'},

 

So it seems I can read out port management privileges, but cannot update them. Does anyone know a way around this?

0 Kudos
2 Replies 2
NesAlba
Here to help
‎Jun 30 2022 6:53 PM
‎Jun 30 2022 6:53 PM

Hello

 

I think what you are trying to do is apply  the same tags for the admin and that one applies to a specific switchport

if that is the case you need to do this:

Step 1:

update  or add a tag to the existing network

Step 2:

update or add that tag to a specific admin org

Step 3

update or add that tag to a specific switch port

 

if that is correct here is the python code:

import meraki

def addNetworkTag(apiKey, networkId, tag):

    try:
        #Step 1
        #Add tag to the existing network
        #https://developer.cisco.com/meraki/api-latest/#!update-network

        dashboard = meraki.DashboardAPI(apiKey)
        network_id = networkId

        response = dashboard.networks.updateNetwork(
            network_id,
            tags=[tag],
        )
        print(response)
    except meraki.APIError as e:
        print(e)
        addNetworkTag()
    except KeyboardInterrupt:
        print()
        print(" -- Program terminated manually --")
        print("            Goodbye!              ")
        quit()


def updateOrgAdmin(apiKey, organizationId, adminId, tag):
    try:
    # Step 2
    # Add network tag to admins
    #https://developer.cisco.com/meraki/api-latest/#!update-organization-admin
        dashboard = meraki.DashboardAPI(apiKey)
        organization_id = organizationId
        admin_id = adminId

        response = dashboard.organizations.updateOrganizationAdmin(
            organization_id, admin_id,
            tags=[{'tag': tag, 'access': 'full'}]
        )
        print(response)
    except meraki.APIError as e:
        print(e)

    except KeyboardInterrupt:
        print()
        print(" -- Program terminated manually --")
        print("            Goodbye!              ")
        quit()


def addTagtoPorts(apiKey, switchSerial, switchPort, tag):
    #Step 3
    #Add the Network Tag to a specific SW port
    #https://developer.cisco.com/meraki/api-latest/#!update-device-switch-port
    try:

        dashboard = meraki.DashboardAPI(apiKey)

        serial = switchSerial
        port_id = switchPort

        response = dashboard.switch.updateDeviceSwitchPort(
            serial, port_id,
            tags=[tag]
        )
        print(response)

    except meraki.APIError as e:
        print(e)
    except KeyboardInterrupt:
        print()
        print(" -- Program terminated manually --")
        print("            Goodbye!              ")
        quit()

#Variables needed
apiKey = "<Your API Key>"
tag = "<Desire Tag for everyone>"
organizationId = "<Org id>"
adminId = "<admin id>"
networkId = "<Desired Network id>"
switchSerial = "<sw serial number>"
switchPort = "<desire sw port>"

"""Program starts here"""
# Step1
addNetworkTag(apiKey)

# Step2
updateOrgAdmin(apiKey)

#Step3
addTagtoPorts(apiKey)

 

 

 

hope that work for you!

0 Kudos
In response to NesAlba
Stoerfaktor
Here to help
‎Jul 1 2022 3:34 AM
‎Jul 1 2022 3:34 AM

Hi NesAlba, thanks for your answer. Unfortunately Port Management Privileges are defined per network, and therefor can only be assigned per network and user. They cannot be set on tags.

Also, the tags from the switchport are not the same tags you can set rights on in the UpdateOrganizationAdmin, those would be the tags from the network.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.