Cloudistan
Contributor

NSX-T: use API to modify rule in a section created by principal identity

According to the documentation: "Users (local, remote, or principal identity) with the Enterprise Administrator role can modify or delete objects owned by principal identities."

However, when using the API call {/api/v1/firewall/sections/<sectionId>/rules} to change a rule in a section that is owned by principal identity, using a local user with Enterprise Administrator privileges, I get this error: "Principal 'admin' with role '[enterprise_admin]' attempts to delete or modify an object of type FirewallSection it doesn't own. (createUser=nsx_policy, allowOverwrite=null)". Is there a way to do this using the API?

0 Kudos
1 Solution

Accepted Solutions
mauricioamorim
VMware Employee

Try to make the API call adding "X-Allow-Overwrite: true" in the header.

0 Kudos
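
One way to send the `X-Allow-Overwrite: true` header from the accepted answer only when the ownership error from the question actually occurs, and only for an allow-listed owner. This is an added example, not code from the thread or from VMware; the `send` transport, the host name, and the per-rule URL (rule id appended to the path from the question) are assumptions.

```python
import json
import re
import urllib.request

# Ownership error text as quoted in the question above.
OWNERSHIP_ERR = re.compile(
    r"Principal '(?P<principal>[^']+)' with role '\[(?P<role>[^\]]+)\]' attempts to "
    r"delete or modify an object of type (?P<object_type>\w+) it doesn't own\. "
    r"\(createUser=(?P<create_user>[^,]+), allowOverwrite=(?P<allow_overwrite>[^)]+)\)"
)

def parse_ownership_error(body):
    """Return the error's fields as a dict, or None for any other response."""
    m = OWNERSHIP_ERR.search(body)
    return m.groupdict() if m else None

def build_rule_update(manager, section_id, rule, allow_overwrite=False):
    """Build (without sending) the PUT that updates one rule in a section."""
    # Assumption: a single rule is addressed by appending its id to the
    # .../sections/<sectionId>/rules path given in the question.
    url = f"https://{manager}/api/v1/firewall/sections/{section_id}/rules/{rule['id']}"
    req = urllib.request.Request(url, data=json.dumps(rule).encode(), method="PUT")
    req.add_header("Content-Type", "application/json")
    if allow_overwrite:
        req.add_header("X-Allow-Overwrite", "true")  # header from the accepted answer
    return req

def update_rule(send, manager, section_id, rule, overwrite_owners=("nsx_policy",)):
    """Send without the header first; retry with it only for allow-listed owners.

    `send` is a hypothetical transport: it takes the Request (adding auth and
    TLS settings) and returns (status, body_text). Returns (status, body,
    used_overwrite) so the caller can log each bypass of the ownership check.
    """
    status, body = send(build_rule_update(manager, section_id, rule))
    err = parse_ownership_error(body) if status >= 400 else None
    if err and err["create_user"] in overwrite_owners:
        status, body = send(build_rule_update(manager, section_id, rule, True))
        return status, body, True
    return status, body, False
```

Keeping the header off by default means the ownership check still stops accidental edits to objects created by other principal identities.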
2 Replies
Cloudistan
Contributor

Hi, we have managed to change default sections (created by principal identity) using the suggested flag in the header. Now when we see the new rule, we can't see it in the default section screen (security->distributed firewall), only in the advanced screen (advanced network and security->distributed firewall), where it can't be modified. The result is that rules added through the API to the default sections can't be modified in the UI, only in the API. Is this expected behavior?

See attached images:

NSX-T_DFW.jpg

NSX-T_DFW_from_security.jpg

0 Kudos