09-07-2020 03:44 AM
I am trying to backup the config from a remote backup server. The backup file is generating but no config showing in the file. Instead when I open the xml file, I can see this " <?xml version="1.0"?> -<response code="403" status="error"> -<result> <msg>Type [export] not authorized for user role.</msg> "
The steps I did is;
I took the API key using the command - https://<IP Address>/api/?type=keygen&user=<username>&password=<password>
I am running the below command from a linux OS;
curl -kG --tlsv1.2 "https://IP Address/api/?type=export&category=configuration&key=API KEY" > /home/sftpusers/home/sftponly/firewall_backups/running-config.xml
09-07-2020 04:44 AM
the reason stated at the file output: "not authorized for user role".
admin role account should be able to export Config from firewall, admin account type should be "dynamic".
after changing the role backup should work.
09-07-2020 05:50 AM
This user has admin privileges. The authentication type is RSA with static password. When the user logins it will get assigned with Super User role. Please let me know if any specific config to be done.
09-07-2020 06:03 AM
when you enter the Link "https://IP Address/api/?type=export&category=configuration&key=API KEY" in a brower " where access to the Firewall Management ist allowed" do you see the Firewall-config data?
09-07-2020 07:10 AM
No I am getting the below response.
09-07-2020 09:46 AM - edited 09-07-2020 09:46 AM
the Account simply does not have permission to export Configurations.
you need to create Admin-Account with role type "Dynamic" and Administrator Permission.
Then Generate API-Key with it.
09-07-2020 09:24 PM
I have created user called "backup" and type is "dynamic" and role "Superuser (read-only)"
But the actual backup user is "GS0C@backup". This user is defined in Radius.
Let me tell you the issue, I am able to login with GS0C@backup in GUI and I have full rights. But when I do an API call it says "not authorized"
01-13-2022 09:09 AM
Not sure if you ever got your answer, but I think it is related to the Admin Roles, then pick the profile and the tab for XML/Rest API and most likely give readonly to the configuration.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
