Troubleshooting
Problem
When running a REST operation to the HMC, an error can be encountered:
Error: HTTP GET request failed, rc=401, msg=Unauthorized
Cause
This is caused by a missing object in the user's custom task or resource role.
Environment
Any HMC physical or virtual platform
Any HMC Version or Release
Diagnosing The Problem
Rerun the API call as the hscroot user. If the error is no longer returned, the problem is a required object missing from the user's custom task or resource role.
Resolving The Problem
The REST API documentation covers what task and resource roles are required in order to run specific API calls.
If you cannot find the missing value from the REST API documentation, use the following procedure for problem isolation.
1) From the GUI, create a copy of AllSystemResources. Navigate to Users and Roles -> click "Manage Task and Resource Roles".

2) Select "AllSystemResources" when "Managed Resource Roles" is selected.

3) Click "Edit", then select "Copy".

4) Provide a Role Name (for example, ALLRESTAPI). The "Based on" selection remains "AllSystemResources".
Now, under Current Objects, you can remove certain access, or you can do the removals later.

5) Now copy hmcsuperadmin: click "Task Roles" and select hmcsuperadmin.

6) Click "Edit", then select "Copy".

7) Provide a Role Name (for example, RESTAPI). The "Based on" selection remains hmcsuperadmin.
Now, under Current Tasks, you can remove certain tasks, or you can do the removals later.

8) Modify the user by selecting "Manage User Profiles and Access", select the user ID (for example, restapi), then select Modify/View.


9) Assign the new resource and task roles to the user.

10) Start removing objects and tasks under "Current Objects" (step 4) or "Current Tasks" (step 7) at a more granular level by going back into the newly created roles through Edit -> Modify. Alternatively, use the CLI commands lsaccfg to list values and chaccfg to remove values that are not wanted. Retest the REST API call as you remove objects and tasks, making sure you do not remove the object or task that allows your specific API call to succeed. If a removal causes the error to return, add the removed item back with mkaccfg or the GUI.
Continuing to use hscroot is another option, since hscroot has all task and resource roles for any operation.
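The remove-and-retest loop from step 10, written out as an added example (not IBM's code) that leaves the role with only the entries the call needs. `call_succeeds` is a hypothetical probe standing in for updating the role and rerunning the REST call as the restricted user, and the task names are constructed placeholders, not real HMC task names.

```python
from typing import Callable, Iterable, List, Set, Tuple


def minimize_role(entries: Iterable[str],
                  call_succeeds: Callable[[Set[str]], bool]
                  ) -> Tuple[Set[str], List[str]]:
    """Remove one entry at a time, retest, and add it back on failure.

    entries       -- tasks or objects currently in the copied role
    call_succeeds -- hypothetical probe: applies the candidate role and
                     reruns the REST call; True if no 401 is returned
    Returns (entries that must stay, entries that were safely removed).
    """
    keep = set(entries)
    if not call_succeeds(keep):
        # The copied role should behave like hscroot for this call.
        raise ValueError("call fails even with the full role")
    removed: List[str] = []
    for entry in sorted(keep):           # fixed order, so runs are repeatable
        trial = keep - {entry}
        if call_succeeds(trial):
            keep = trial                 # entry was not needed for this call
            removed.append(entry)
        # else: the 401 came back, so the entry stays in the role
    return keep, removed


# Constructed stand-in for the HMC: the call needs two entries to succeed.
# On a real system the probe would change the role (chaccfg or the GUI)
# and rerun the REST request as the restricted user.
REQUIRED = {"task_C", "task_F"}                  # constructed placeholders
FULL_ROLE = {f"task_{c}" for c in "ABCDEFGH"}    # constructed placeholders


def simulated_probe(role: Set[str]) -> bool:
    return REQUIRED <= role


if __name__ == "__main__":
    keep, removed = minimize_role(FULL_ROLE, simulated_probe)
    print("keep in role:", sorted(keep))
    print("safe to remove:", removed)
```

Run the loop once for the task role and once for the resource role; the result is minimal only for the API calls the probe exercises, so include every call the user needs.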
Document Location
Worldwide
Document Information
Modified date:
22 September 2021
UID
ibm16213240