RisPort Access denied

Version 1
    This document was generated from CDN thread

    Created by: Johan van Reijendam on 06-07-2009 09:26:30 PM
    Hi all,
     
    I am trying to get real-time access from a CCM 6.1.2.1000-13 system. Ordinary AXL operations such
    as 'getPhone' work successfully. However trying to make a call to get real-time information fails with
    'Access to the requested resource has been denied'
     
    The enduser configured to access the services has the following permissions:
    Groups:
        AXL Access
        Standard RealtimeAndTraceCollection
    Roles:
        Standard AXL API Access
        Standard RealtimeAndTraceCollection
     
    Accessing the RisPort with a browser gives the following page:
     
    RisPort
    Hi there, this is an AXIS service!
    Perhaps there will be a form for invoking the service here...
     
    The trial query is one that was posted on the forum before and the following:
     
    With SOAPAction header
    "http://schemas.cisco.com/ast/soap/action/#RisPort#SelectCmDevice"
     
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
    <ns1:SelectCmDevice soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://schemas.cisco.com/ast/soap/">
    <StateInfo xsi:type="xsd:string"/>
    <CmSelectionCriteria xsi:type="ns1:CmSelectionCriteria">
    <MaxReturnedDevices xsi:type="xsd:unsignedInt">200</MaxReturnedDevices>
    <Class xsi:type="xsd:string">Any</Class>
    <Model xsi:type="xsd:unsignedInt">255</Model>
    <Status xsi:type="xsd:string">Unknown</Status>
    <NodeName xsi:type="xsd:string" xsi:nil="true"/>
    <SelectBy xsi:type="xsd:string">Name</SelectBy>
    <SelectItems soapenc:arrayType="ns1:SelectItem[1]" xsi:type="soapenc:Array" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
    <item xsi:type="ns1:SelectItem">
    <Item xsi:type="xsd:string">*</Item>
    </item>
    </SelectItems>
    </CmSelectionCriteria>
    </ns1:SelectCmDevice>
    </soapenv:Body>
    </soapenv:Envelope>
     
    Any pointers will be appreciated.
    Regards,
    Johan

    Subject: RE: RisPort Access denied
    Replied by: Stephan Steiner on 10-07-2009 07:03:43 AM
    Welcome to AXL serviceability
     
    Bottom line, you need Standard CCM Admin Users to use serviceability. Don't ask why, they couldn't tell me when I opened a case, but this is what is needed - there's no way to configure it - you can access all the roles and rights that deal with serviceability and despite all that you'll still end up being unauthorized.
     
    Maybe you can convince them it's really a bug not a "feature".

    Subject: RE: RisPort Access denied
    Replied by: David Staudt on 10-07-2009 04:34:31 PM
    On my 7.0(1) system, the miminum permissions needed to use the Serviceability SOAP ports are:
     
    - Standard CCM Admin Users (to get in the front door of the web admin Tomcat instance - does not give full admin rights)
    - Standard SERVICEABILITY Read Only (to access risport API)