Active IQ Unified Manager Discussions

RBAC API In System manager

arthursc0
2,982 Views

I am trying with poor success to just create a single role for users to access systems manager with access to ALL "containers" with read-only access.

I have followed some of the examples in TR-3358 with some success but the most annoying thing with this app is it is as buggy and as beetle bank.

If any of you out there have a simple idea how I can go about this then I would be eteranlly greatful

Regards

Colin.

3 REPLIES 3

rle
NetApp Alumni
2,982 Views

Hi Colin -

What have you tired?

There is no simple way to do this.  You will have to create a user in a group with one or more read-only roll(s) that allow access to APIs that list.  Unfortunately, System Manager does't check if the API is accessible before calling it.  Also some System Manager operations are done with CLI commands and SNMP.

Regards,

   - Rick -

arthursc0
2,982 Views

Hi rick,

I followed the example in TR-3358 section 5.4. That is ok but throws up errors relating to CIFS, NFS and license-list-info.

The API capability chart is fine but that only gives the main command and no sub-commands. I also really only want to give read only access to ALL containers so users can view.

I am happy using filer-view-only option via cli but filerview will be dead in OnTap 8.1 so need to start planning for that, hense SM API.

Regards

Colin.

robin
2,982 Views

Hi guys,

is there any solution for this topic?

As Rick mentioned, a valid capability list with the sub-commands included would be more than usefull.

TR-3358 doesnt really help.

cheers,

rob

Public