according to the documentation: "Users (local, remote, or principal identity) with the Enterprise Administrator role can modify or delete objects owned by principal identities."
however, when using the api call {/api/v1/firewall/sections/<sectionId>/rules} to change a rule in a section that is owned by principal identity, using a local user with Enterprise Administrator privileges, I get this error: "Principal 'admin' with role '[enterprise_admin]' attempts to delete or modify an object of type FirewallSection it doesn't own. (createUser=nsx_policy, allowOverwrite=null)". is there a way to do this using the API?
Try to make the API call adding "X-Allow-Overwrite: true" in the header.
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Try to make the API call adding "X-Allow-Overwrite: true" in the header.
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Hi, we have managed to change default sections (created by principal identity) using the suggested flag in the header. now when we see the new rule we cant see it in the default section screen (security->distributed firewall), only in the advanced screen (advanced network and security->distributed firewall) where it cant be modified. the result is that rules added through the api to the default sections cant be modified in the ui, only in the api. is this expected behavior?
see attached images: