What is a one sentence summary of your feature request?
Please make time to create detailed documentation for both the graphical and API interfaces.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Currently the technical documentation surrounding the Netwrix Privilege Secure product is pretty abysmal. It lacks coverage, depth and can even contain outright incorrect information. I would love to see some time set aside to truly flesh out the technical knowledge base so admins and technical users can better utilize the platform. I would love to see the API documentation be greatly expanded as trying to make advanced actions and leverage the platform to it’s maximum potential is currently a slog.
How do you currently solve the challenges you have by not having this feature?
Currently, we are pretty much learning via trial and error. Then we document internally what is learned and what assumptions we can make about the product. This is far from ideal, especially for an enterprise product.
Agreed. I’m trying to find more information about the Service Account permissions that perform Just In Time access and elevation of privileges but can’t find it anywhere in the docs.
Specifically relevant is that the Action service runs under the app privilege level. Not sure what the specific question/issue you’re facing is, but hope that helps.
I appreciate this feedback - it’s really useful. Docs are always evolving, and hearing where you’re running into roadblocks helps us focus.
If you don’t mind, please DM me with the specific spots (like the API use cases or JIT service account permissions) where you need more depth. That’ll help me get the right folks involved and point you to anything we already have that might not be obvious.
I’ll respond here so if anyone else sends something your way it’s not totally duplicated.
That being said, I have not been able to find any documentation on how to actually use an App token to authenticate to the API. It seems there is some endpoint you have to hit using the app api key to get a bearer token, but this doesn’t seem to be documented. Additionally, the API docs do not include the necessary permissions required to reach each endpoint. For example, the doc for session approval says no where that you need to be an administrator role to do so, nor does it reference the app role. This makes building out custom actions and even custom integrations more difficult than it needs to be because we end up fighting to figure out if there is a permissions error or not.
Along with this I would love to get some further documentation on the platform itself. For example, as of now, the RAG documentation literally just says to contact support. I’d like to know a bit more about what the application looks like with the RAG setup without having to schedule a call.
Ideally under specific page for the API endpoint there should be any information related to the privilege required to access it. As far as I can tell, there are four permission levels, (user, admin, app user, auditor), so if the API endpoint could include the minimum permission required to access that data, it would be helpful. I am making the assumption that the permission hierarchy goes (from least to most): user, auditor, app user, admin.
An example of the format I would imagine (I’m not sure if the permission minimum itself is correct, but formatting wise):
.....
Responses
Status Meaning Description Schema
201 Created Created None
400 Bad Request Bad Request Microsoft.AspNetCore.Mvc.ProblemDetails
404 Not Found Not Found Microsoft.AspNetCore.Mvc.ProblemDetails
500 Internal Server Error Server Error None
To perform this operation, you must be authenticated by means of one of the following methods: Bearer
Permissions
app user
I am relatively new to Netwrix and agree our documentation isn’t as comprehensive as it should be. We will be working on it but unfortunately we won’t be able to do it quickly.