RisPort Access denied

Version 1
    This document was generated from CDN thread

    Created by: Johan van Reijendam on 06-07-2009 09:26:30 PM
    Hi all,
    I am trying to get real-time access from a CCM system. Ordinary AXL operations such
    as 'getPhone' work successfully. However trying to make a call to get real-time information fails with
    'Access to the requested resource has been denied'
    The enduser configured to access the services has the following permissions:
        AXL Access
        Standard RealtimeAndTraceCollection
        Standard AXL API Access
        Standard RealtimeAndTraceCollection
    Accessing the RisPort with a browser gives the following page:
    Hi there, this is an AXIS service!
    Perhaps there will be a form for invoking the service here...
    The trial query is one that was posted on the forum before and the following:
    With SOAPAction header
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    <ns1:SelectCmDevice soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://schemas.cisco.com/ast/soap/">
    <StateInfo xsi:type="xsd:string"/>
    <CmSelectionCriteria xsi:type="ns1:CmSelectionCriteria">
    <MaxReturnedDevices xsi:type="xsd:unsignedInt">200</MaxReturnedDevices>
    <Class xsi:type="xsd:string">Any</Class>
    <Model xsi:type="xsd:unsignedInt">255</Model>
    <Status xsi:type="xsd:string">Unknown</Status>
    <NodeName xsi:type="xsd:string" xsi:nil="true"/>
    <SelectBy xsi:type="xsd:string">Name</SelectBy>
    <SelectItems soapenc:arrayType="ns1:SelectItem[1]" xsi:type="soapenc:Array" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
    <item xsi:type="ns1:SelectItem">
    <Item xsi:type="xsd:string">*</Item>
    Any pointers will be appreciated.

    Subject: RE: RisPort Access denied
    Replied by: Stephan Steiner on 10-07-2009 07:03:43 AM
    Welcome to AXL serviceability
    Bottom line, you need Standard CCM Admin Users to use serviceability. Don't ask why, they couldn't tell me when I opened a case, but this is what is needed - there's no way to configure it - you can access all the roles and rights that deal with serviceability and despite all that you'll still end up being unauthorized.
    Maybe you can convince them it's really a bug not a "feature".

    Subject: RE: RisPort Access denied
    Replied by: David Staudt on 10-07-2009 04:34:31 PM
    On my 7.0(1) system, the miminum permissions needed to use the Serviceability SOAP ports are:
    - Standard CCM Admin Users (to get in the front door of the web admin Tomcat instance - does not give full admin rights)
    - Standard SERVICEABILITY Read Only (to access risport API)