Is there a way to read and update network domains permissions?

API/CLI
, ,
1

I was poking around in the API docs, and looking over the CLI commands, but I can’t seem to find any listing or way to read in the current permissions on a Network > Domains, or update them. Other items where permissions are via groups, there is (or was) a --group-all to sort of clear the default “All” permission to the item, but I’m not seeing anything of the sort or individual group permission listings in the API or CLI to these objects.
Does anyone happen to know if there is a listing and if so what API endpoint or CLI command/flags would work to display and update these values?

Thanks!

2

You can update domain permissions using a groovy script until we add the API to update domain permissions.

3

Hi @aabraham, my colleague @rjr162 wrote the original post. I’m not familiar with how/where to run a script like this, is there a groovy framework on the Morpheus appliance?

Also, how might we alter your script to remove the “all” permission that is granted by default and iterate across all of the domains instead of doing them one by one? This would be a huge time-saver for us.

Any help would be appreciated. Thanks!

4

You can run this as a groovy task type in Morpheus Screen Shot on 2022-08-22 at 16-31-24.png - Droplr

Are you referring to remove group all permissions on a domain Screen Shot 2022-08-22 at 16.30.30.png - Droplr ?

Morpheus is written in groovy and uses the grails framework.

5

Thanks! I guess we never noticed that groovy task type since we never used it before, haha.

Yes, we are looking to remove that “all” permission on ALL domains in our environment.

(The issue is that we want to implement the EfficientIP plugin to use with our IPAM solution, but it ingests all of the domains from EfficientIP and by default gives everyone permission to all of them - we don’t want that, so we need to be able to remove the “all” permission en masse without having to click each one in the UI)

6

@halbig morpheus-automation-examples/updateDomainTenantPermissions.groovy at main · gomorpheus/morpheus-automation-examples · GitHub

this would update the group permissions

def resourcePermissions = [all: false, sites: [[id: 70, default: true]] ]
permissionService.updateResourcePermissions(masterTenant, 'NetworkDomain', networkDomainName.id, resourcePermissions)
results.success
7

Thank you! We ended up editing the database directly to resolve this:

INSERT INTO resource_permission (all_groups, default_store, all_plans, all_sites, default_target, morpheus_resource_type, morpheus_resource_id, account_id, can_manage) SELECT true, false, false, false, false, 'NetworkDomain', id, 1, false FROM network_domain WHERE ref_id = 1;

where “ref_id” is the integration ID number found with:

select id,name from account_integration;