REST API: Access is denied


This article applies to:

  • Trustwave SEG REST API (8.X)
  • Trustwave SPE access to SEG Array Managers (4.0 and above)

Symptoms:

  • Connecting to the SEG API
  • Entering credentials for connection to SEG in the SPE Admin Console Array page
  • Error message: Access is denied
  • Error message: The user has not been granted the requested logon type at this computer
  • Testing the credential in a browser returns HTTP 500 errors

Causes:

  • The credential being used does not have appropriate permissions on the server.
  • The credential must have Log on as a batch job permission (granted to Administrator accounts by default).
    • This permission can be set and overridden in GPO.
  • Accounts with permission to log on could also have limited access due to access control settings in the SEG Configurator.

Resolution:

Grant and verify the appropriate permissions for the account being used to connect.

Notes:

In MailMarshal (SEG) 10.X, the API is secured using Bearer tokens derived from SEG Management Console credentials. Windows ACLs are not used. For details, see the MailMarshal (SEG) 10 API Handler listing attached to article 20867.


Last Modified 5/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle21091.aspx