https://community.netapp.com/t5/Data-Infrastructure-Insights/cluster-identity-get-failed/m-p/447983#M214 <P>I originally had Data Collectors setup in Cloud Insights using cluster admin credentials.&nbsp; I just followed the steps at&nbsp;<A href="https://docs.netapp.com/us-en/cloudinsights/task_add_collector_svm.html#a-note-about-permissions" target="_blank" rel="noopener">https://docs.netapp.com/us-en/cloudinsights/task_add_collector_svm.html#a-note-about-permissions</A>&nbsp;in the "Permissions when adding via<SPAN>&nbsp;</SPAN><STRONG>Cluster Management IP</STRONG>:"&nbsp; section and the cmddirs in the role that was created all match and the ssh and ontapi access were granted, but when I switched the credentials in the collector to this new account the collectors fail and I get this when I test the connection "<SPAN>Configuration: Failed to execute test command on device - NetApp ONTAP zapi communication failed: cluster-identity-get failed: Insufficient privileges: user 'csuser' does not have read access to this resource."</SPAN></P><P>&nbsp;</P><LI-CODE lang="markup">Oriole::&gt; security login role show -vserver Oriole -role csrole Role Command/ Access Vserver Name Directory Query Level ---------- ------------- --------- ----------------------------------- -------- Oriole csrole DEFAULT none event catalog all event filter all event notification all event notification destination all network interface readonly security certificate all version readonly volume readonly volume snapshot -snapshot cloudsecure_* all vserver readonly vserver fpolicy all 12 entries were displayed.</LI-CODE><LI-CODE lang="markup">Oriole::&gt; security login show -role csrole Vserver: Oriole Second User/Group Authentication Acct Authentication Name Application Method Role Name Locked Method -------------- ----------- ------------- ---------------- ------ -------------- csuser ontapi password csrole no none csuser ssh password csrole no none 2 entries were displayed.</LI-CODE> Wed, 04 Jun 2025 09:44:22 GMT Stormont 2025-06-04T09:44:22Z https://community.netapp.com/t5/Data-Infrastructure-Insights/cluster-identity-get-failed/m-p/447983#M214 <P>I originally had Data Collectors setup in Cloud Insights using cluster admin credentials.&nbsp; I just followed the steps at&nbsp;<A href="https://docs.netapp.com/us-en/cloudinsights/task_add_collector_svm.html#a-note-about-permissions" target="_blank" rel="noopener">https://docs.netapp.com/us-en/cloudinsights/task_add_collector_svm.html#a-note-about-permissions</A>&nbsp;in the "Permissions when adding via<SPAN>&nbsp;</SPAN><STRONG>Cluster Management IP</STRONG>:"&nbsp; section and the cmddirs in the role that was created all match and the ssh and ontapi access were granted, but when I switched the credentials in the collector to this new account the collectors fail and I get this when I test the connection "<SPAN>Configuration: Failed to execute test command on device - NetApp ONTAP zapi communication failed: cluster-identity-get failed: Insufficient privileges: user 'csuser' does not have read access to this resource."</SPAN></P><P>&nbsp;</P><LI-CODE lang="markup">Oriole::&gt; security login role show -vserver Oriole -role csrole Role Command/ Access Vserver Name Directory Query Level ---------- ------------- --------- ----------------------------------- -------- Oriole csrole DEFAULT none event catalog all event filter all event notification all event notification destination all network interface readonly security certificate all version readonly volume readonly volume snapshot -snapshot cloudsecure_* all vserver readonly vserver fpolicy all 12 entries were displayed.</LI-CODE><LI-CODE lang="markup">Oriole::&gt; security login show -role csrole Vserver: Oriole Second User/Group Authentication Acct Authentication Name Application Method Role Name Locked Method -------------- ----------- ------------- ---------------- ------ -------------- csuser ontapi password csrole no none csuser ssh password csrole no none 2 entries were displayed.</LI-CODE> Wed, 04 Jun 2025 09:44:22 GMT https://community.netapp.com/t5/Data-Infrastructure-Insights/cluster-identity-get-failed/m-p/447983#M214 Stormont 2025-06-04T09:44:22Z https://community.netapp.com/t5/Data-Infrastructure-Insights/cluster-identity-get-failed/m-p/447984#M215 <P>That looks like the requirements doc for Workload Security aka Cloud Secure.</P><P>&nbsp;</P><P><A href="https://docs.netapp.com/us-en/cloudinsights/task_dc_na_cdot.html#ontap-power-metrics" target="_blank">https://docs.netapp.com/us-en/cloudinsights/task_dc_na_cdot.html#ontap-power-metrics</A></P><P>&nbsp;</P><P>This link should be more useful for the getting Cloud Insights collecting with a least privilege user</P> Sat, 30 Sep 2023 00:47:11 GMT https://community.netapp.com/t5/Data-Infrastructure-Insights/cluster-identity-get-failed/m-p/447984#M215 ostiguy 2023-09-30T00:47:11Z https://community.netapp.com/t5/Data-Infrastructure-Insights/cluster-identity-get-failed/m-p/447985#M216 <P>Thank you!</P> Sat, 30 Sep 2023 01:57:50 GMT https://community.netapp.com/t5/Data-Infrastructure-Insights/cluster-identity-get-failed/m-p/447985#M216 Stormont 2023-09-30T01:57:50Z