Security

 View Only

  • 1.  Onguard API activity

    Posted Dec 23, 2025 01:50 AM

    Dear Experts,

    One of the customer is trying to fetch onguard activity data from /api/onguard-activity but it requires super administrator. Due to security reasons they dont want to use super administrator role for this. What is the alternative to get this data without super admin role?



    ------------------------------
    Owais101
    ------------------------------


  • 2.  RE: Onguard API activity

    Posted Dec 23, 2025 05:23 AM

    Are you sure you need super admin? There is a specific permission for onguard activitity as part of the specific Policy Manager permissions (Operator Login Profiles):

    Those profiles can be applied to API calls as well. Note that you need API access permissions under API services on the operator profile as well to use the API.

    In case you tested, and it does not work, please open a TAC case.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Onguard API activity

    Posted Dec 23, 2025 07:00 AM
    Dear Herman,

    It was suggested by Aruba TAC that super admin is needed




    Original Message


  • 4.  RE: Onguard API activity

    Posted Dec 24, 2025 05:04 AM
    Dear Herman, 

    I just checked in my own setup, below is the snapshot, without default Super Administrator Role, it gives Forbidden access. Even if i duplicate the Super Administrator (2), it still gives forbidden error so maybe it only works with default super admin account (sorry for repetitions)


    Best Regards




    Original Message


  • 5.  RE: Onguard API activity

    Posted Jan 02, 2026 04:31 AM

    Sounds to me like something that needs to be addressed by product development. If this is important for your customer, can you ask TAC to create a bug/product defect for this behavior?
    There is a permission for OnGuard Activity access, but it clearly does not work as expected via the API. Get your local HPE Networking contact involved if you don't get further with TAC.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


Related Content