Creating an API Access Profile
An API Access Profile restricts a Junos Space user from executing RPC commands that are potentially unsafe for or harmful to your network. An API Access Profile is a set of rules that are used to validate an RPC command executed using the exec-rpc API. A rule is an XPath expression (XPath 1.0). An audit log entry is generated when you create, modify, or delete an API Access Profile.
You can assign an API Access Profile to both local and remote user accounts. You assign an API Access Profile to a user when you create or modify a user account or a remote profile. For more information about creating user accounts, see Creating Users in Junos Space Network Management Platform.
If an API Access Profile is not associated with a user account, the user cannot execute any RPC commands on the device. If the user tries to execute an RPC command, Unauthorized Access Error is displayed.
You create an API Access Profile when you need to execute RPCs by using APIs.
To create an API Access Profile:
- On the Junos Space Network Management Platform user interface,
select Role Based Access Control > API Access Profiles.
The API Access Profiles page that appears displays the list of API Access Profiles in the Junos Space Platform database.
- Click the Create API Access Profile icon.
The Create API Access Profile page is displayed.
- In the Name field, enter a name for the new
API Access Profile.
An API Access Profile name cannot exceed 32 characters and can contain only letters, numbers, spaces, and some special characters. The special characters allowed are hyphen (-), underscore (_), and period (.). Leading and trailing spaces are not allowed. The name should start or end only with letters or numbers.
- (Optional) In the Description field, enter
a description for the new API Access Profile.
The description cannot exceed 256 characters and can contain letters, numbers, spaces, and special characters.
- On the RPC Command Rules tab, click the Add Rule icon.
The Add/Edit Rule pop-up window is displayed. This pop-up window displays the rules that are associated with other API Access Profiles.
- In the Rule drop-down list, enter the RPC command
You can also select the rules associated with other API Access Profiles from the drop-down list.
- Click OK.
The new RPC command rule is added to the API Access Profile.
Repeat steps 5 through 7 to add more RPC command rules. You must add at least one rule to the API Access Profile to be able to save the profile in the Junos Space Platform database.
- Click Save to save the API Access Profile.
You are redirected to the API Access Profiles page.
You can view the details of an API Access Profile. To do so, right-click the API Access Profile and select View API Access Profile Detail or double-click the API Access Profile.