Read-only User for SEMP API
Is it possible to create a read-only user to access the SEMP API using the Solace Cloud console if my user has the role of account administrator ?
Answers
-
We are unable to execute the CLI commands so wanted to try creating the user directly from console.
0 -
Hey @GurpreetKaur , no a Solace Cloud admin account cannot create new SEMP/CLI users… only a "global" admin of the broker can do that.
Note that most Solace Cloud brokers will have two users automatically created for it… the regular admin account (which is actually a VPN-level read-write user), and a viewer account (a global read-only user). In your Cloud Console, find the service, click on "Manage", then under "Broker Manager - Web Application" change the drop-down to "Viewer" and copy the username / pw from there. That is the global read-only account you seek:
Let me know if that works for you.
1 -
Hey @Aaron , thanks for the detailed explaination. I was able to find this global read-only user. This will work for us. We don't have to create any new user then as it already serves the purpose.
0 -
Note for any future readers: starting with SolOS 10.9.1 (which came out recently), the "admin" account that Solace Cloud automatically provisions for managing the Solace Cloud service also has global read-only permissions for the broker, so both the "admin" and "viewer" accounts will be able to do global / broker-level CLI and SEMP commands… well, read-only
showcommands. But if you're building a monitoring app, or providing credentials for someone just to view, then still use the "viewer" account (fully read-only).0
