Setting access control via API not working? #12594

awillinger-work · 2025-03-14T10:27:25Z

awillinger-work
Mar 14, 2025

Ask a Question!

Portainer version: 2.27.1

Currently trying to extend my Jenkins pipeline so it automatically deploys built containers using the Portainer API.

For that, I am experimenting around in Postman to get the calls working properly and not have to wait 5 minutes each time after a change. Anyways, the creation and start of containers already works fine, with the exception of access control, which is always set to "private" to the user that called the API:

This is despite me calling the API with the proper label set - "io.portainer.accesscontrol.teams" - as noted in the documentation: https://docs.portainer.io/advanced/access-control

If I run the container directly on the host, the access control is applied correctly:

The label itself is applied correctly in both cases:

Is this a restriction of the API, a bug or am I doing something wrong? It also doesn't work if I set "io.portainer.accesscontrol.public".

Answered by Nick-Portainer

Mar 17, 2025

Hi @awillinger-work Those labels aren't for use with the API. they are for stacks deployed outside of Portainer. You would want to run a PUT request to the /resource_controls/{id} endpoint using the ResourceControl.Id returned when the container is created.

https://app.swaggerhub.com/apis/portainer/portainer-ee/2.27.1#/resource_controls/ResourceControlUpdate

For example, if my container creation response is

{
    "Id": "24538bfb8992615879fd8a745fb9828dfce25a37d917a1af1af93917b1607e9e",
    "Portainer": {
        "ResourceControl": {
            "Id": 6,
...

I would make a PUT request to /resource_controls/6 and specify the setup I wanted (private, with team 7 to have access), team 7 bein…

View full answer

Nick-Portainer · 2025-03-17T03:34:34Z

Nick-Portainer
Mar 17, 2025
Maintainer

Hi @awillinger-work Those labels aren't for use with the API. they are for stacks deployed outside of Portainer. You would want to run a PUT request to the /resource_controls/{id} endpoint using the ResourceControl.Id returned when the container is created.

https://app.swaggerhub.com/apis/portainer/portainer-ee/2.27.1#/resource_controls/ResourceControlUpdate

For example, if my container creation response is

{
    "Id": "24538bfb8992615879fd8a745fb9828dfce25a37d917a1af1af93917b1607e9e",
    "Portainer": {
        "ResourceControl": {
            "Id": 6,
...

I would make a PUT request to /resource_controls/6 and specify the setup I wanted (private, with team 7 to have access), team 7 being the ID of the team.

{
  "administratorsOnly": false,
  "public": false,
  "teams": [
    7
  ],
  "users": []
}

1 reply

awillinger-work Mar 21, 2025
Author

Thanks, this appears to have worked fine.

I think it would also be a good idea to update the documentation with that information and maybe also link to the resource_controls doc: https://docs.portainer.io/advanced/access-control

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Portainer.io

Setting access control via API not working? #12594

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Portainer.io

Setting access control via API not working? #12594

awillinger-work Mar 14, 2025

Ask a Question!

Replies: 1 comment · 1 reply

Nick-Portainer Mar 17, 2025 Maintainer

awillinger-work Mar 21, 2025 Author

awillinger-work
Mar 14, 2025

Replies: 1 comment 1 reply

Nick-Portainer
Mar 17, 2025
Maintainer

awillinger-work Mar 21, 2025
Author