I'm trying to create a local user for API access that will have the absolute minimum rights possible to run something like /api/query?relevance=url+of+current+bes+server as a monitor of the Query service. Having "Can submit queries", "Can use REST API", and the BES servers assigned still results in a response of "does not have required role". Any idea what I'm missing?
Need to assign one relevant role and role should have access to rest API
1 Like
Ha! Appears that I asked a similar question 5 months ago as well, with no responses. 
Oh brother. You suggestion would have worked because I thought I had selected “Always allow this user to log in”. I apparently only though about doing so real hard and had left the default of “Only allow this user…at least one role”. After switching it to “Always allow…” it worked fine with no role.
Interestingly, it also worked fine after removing all assigned computers and turning off “Can submit queries”. 
So, just “Always allow…” and “Can use REST API” is enough to allow a local account to run something like /api/query?relevance=url+of+current+bes+server to test the availability of the query API endpoint. (Seems like it should require "Can submit queries", though… 
)
1 Like
"Can submit queries" is associated with sending queries to clients i.e. /api/clientquery
2 Likes