Hello, we are trying to use Milestone RestApi, we follow below documentation:
https://doc.developer.milestonesys.com/mipvmsapi/api/config-rest/v1/#tag/Grouping/operation/getAllcameraGroups
Having issues with GET “/API/rest/v1/cameraGroups” . we get following error with read only user:
Error: Failed to retrieve camera groups with status code 403
It is clearly access issue, we use read-only rule which has read access to all the objects, Groups, cameras, hardware.. just all in the list but this “/API/rest/v1/cameraGroups” reqest fails always, other requests works fine, we can list cameras for example, I even tried to give role full permissions even that did not work but when I add my api/script user to the default “Administrators” group it works fine, even “Local Admin” rule not allowed to list groups but only “Administrators” , anyone experience safe issue? how we can decide what causes this?
Before we go further please tell us: What product and version is the XProtct VMS you are using?
XProtect VMS 2023 R1
XProtect Management Client 2023 R1
And the product license? XProtect Corporate, Expert, Professional+, Express+, Essential+?
Under lisence information I see two:
-
XProtect Professional+ 2023 R1
-
Milestone XProtect Access
The ability to read the camera groups demand that the user is in the Administrator’s role.
The functionality will be changed in a future version of XProtect, it is on the backlog.
In the XProtect Corporate product there is in Role Settings for Management Server a Read settings, if this is set the user in the role can read camera groups. Unfortunately this setting does not exist for the other products (including XProtect Professional+) and only being a member of the Administrator’s Role gives you the necessary permission.
New information for newer versions! (Currently the 2024R1 release is upcoming.)
Starting in 2024R1 the functionality has been changed. When you ask for camera groups an evaluation will take place server side, you will get the camera groups that contains cameras for which you have permissions (read permission on the camera). It follows that you will not get camera groups that contains no cameras for which you have permissions. By giving the role permissions to cameras you control which cameras can be seen but also which camera groups.