ZHarvey_164362
Aug 04, 2014

Read Access Denied on LocalLBRule::get_metadata

I'm using the iControl Java lib and am getting "Read Access Denied" errors.

import iControl.Interfaces;       // F5 iControl Java library
import java.rmi.RemoteException;

public class F5Test implements Credentials {
    private Interfaces f5Interface = new Interfaces("my-lb.example.com", 443, UNAME, PSWD);

    public static void main(String[] args) {
        F5Test test = new F5Test();
        test.test();
    }

    void test() {
        try {
            f5Interface.getManagementPartition().set_active_partition("my-partition");

            String[] rules = {
                "irule_my_rule" 
            };
            String[][] md = f5Interface.getLocalLBRule().get_metadata(rules);
            for(String[] mds : md) {
                for(String metadata : mds) {
                    System.out.println(metadata);
                }
            }
        } catch (RemoteException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

When I run this I get:

AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server
 faultSubcode: 
 faultString: Exception caught in LocalLB::urn:iControl:LocalLB/Rule::get_metadata()
Exception: Common::OperationFailed
    primary_error_code   : 17238051 (0x01070823)
    secondary_error_code : 0
    error_string         : 01070823:3: Read Access Denied: user (zharvey) type (rule metadata)
 faultActor: 
 faultNode: 
 faultDetail: 
    {http://xml.apache.org/axis/}stackTrace:Exception caught in LocalLB::urn:iControl:LocalLB/Rule::get_metadata()
Exception: Common::OperationFailed
    primary_error_code   : 17238051 (0x01070823)
    secondary_error_code : 0
    error_string         : 01070823:3: Read Access Denied: user (zharvey) type (rule metadata)
    at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
    at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
    ...rest of stack trace omitted for brevity

I have confirmed that the iRule "irule_my_rule" is defined inside "my-partition" and our IT staff confirms I have full r/w permission for it. Am I using the API incorrectly or is this an F5 config issue?

  • I had to elevate my iControl user's access to Auditor-level in order to get results from this method.

     

    • Joe_Pruitt
      Chris, thanks for the update. I do believe there is a baseline user level that is needed to use the APIs.
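
The question in this thread (API misuse or device-side permissions?) can be answered from the fault text itself. The following is an added example, not code from the thread or from F5's library: it parses the error_string format shown in the post and separates an authorization denial from any other failure. The class, record and method names are this example's own, the second sample fault is constructed, and it assumes Java 16 or later for records.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class IControlFaultTriage {
    /** Fields of an access-denied error_string; the names are this example's own. */
    record AccessDenied(String messageId, String access, String user, String objectType) {}

    // Shape taken from the fault quoted in the post:
    // "01070823:3: Read Access Denied: user (zharvey) type (rule metadata)"
    private static final Pattern DENIED = Pattern.compile(
        "error_string\\s*:\\s*(\\p{XDigit}{8}):\\d+:\\s*(\\w+) Access Denied:"
        + "\\s*user \\(([^)]*)\\)\\s*type \\(([^)]*)\\)");

    /** Returns the parsed denial, or empty when the fault is some other failure. */
    static Optional<AccessDenied> parse(String faultString) {
        if (faultString == null) return Optional.empty();
        Matcher m = DENIED.matcher(faultString);
        if (!m.find()) return Optional.empty();
        return Optional.of(new AccessDenied(m.group(1), m.group(2), m.group(3), m.group(4)));
    }

    /** One-line verdict: account permissions versus something else in the call. */
    static String triage(String faultString) {
        return parse(faultString)
            .map(d -> "authorization: user '" + d.user() + "' lacks "
                + d.access().toLowerCase() + " access to '" + d.objectType()
                + "' (message " + d.messageId() + "); review the account's role")
            .orElse("not an access-denied fault: check the call and its arguments");
    }

    public static void main(String[] args) {
        // Sample input: the faultString lines quoted in the post above.
        String denied = String.join("\n",
            "Exception caught in LocalLB::urn:iControl:LocalLB/Rule::get_metadata()",
            "Exception: Common::OperationFailed",
            "    primary_error_code   : 17238051 (0x01070823)",
            "    secondary_error_code : 0",
            "    error_string         : 01070823:3: Read Access Denied: user (zharvey) type (rule metadata)");
        // Constructed input: a made-up non-authorization fault, for contrast.
        String other = "Exception: Common::OperationFailed\n"
            + "    error_string         : (constructed) some other failure";
        System.out.println(triage(denied));
        System.out.println(triage(other));
    }
}
```

In the poster's catch block the input would be the fault string of the Axis `AxisFault` (`getFaultString()`). Logging the denied object type makes it possible to grant only the access the call needs instead of raising the account's role by trial and error.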