https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/Lock-Down-REST-api-Role/m-p/152596#M23 <P><SPAN>We have an app that is using the OnTap REST api to create snapshots of specific volumes.</SPAN></P> <DIV>&nbsp;</DIV> <DIV>We would like to create a service account that ONLY has the rights to<SPAN>&nbsp;</SPAN>create snapshots&nbsp;on&nbsp;<STRONG>specified</STRONG> volumes.</DIV> <DIV>&nbsp;</DIV> <DIV>Using the CLI we can create a "rest-role" that has<SPAN>&nbsp;</SPAN><STRONG>all</STRONG>&nbsp;access to<SPAN>&nbsp;</SPAN><STRONG>all volumes:</STRONG></DIV> <DIV>&nbsp;</DIV> <DIV><EM>modify -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes -access all</EM></DIV> <DIV>&nbsp;</DIV> <DIV>But when we try to lock this down to a specific operation:</DIV> <DIV>&nbsp;</DIV> <DIV><EM>create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/snapshots -access all</EM></DIV> <DIV>&nbsp;</DIV> <DIV>we get "URI does not exist"</DIV> <DIV>&nbsp;</DIV> <DIV>and if we try to use the actual URI called by the app (including the volume ID):</DIV> <DIV>&nbsp;</DIV> <DIV><EM>create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/d9616397-<WBR />a06b-4da4-931d-ee22f7bffeec/<WBR />snapshots -access all</EM></DIV> <DIV>&nbsp;</DIV> <DIV>we get "Invalid character detected in URI."</DIV> <DIV>&nbsp;</DIV> <DIV>How are we meant to lock the role down effectively?</DIV> Tue, 26 Nov 2019 16:51:02 GMT lcr 2019-11-26T16:51:02Z https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/Lock-Down-REST-api-Role/m-p/152596#M23 <P><SPAN>We have an app that is using the OnTap REST api to create snapshots of specific volumes.</SPAN></P> <DIV>&nbsp;</DIV> <DIV>We would like to create a service account that ONLY has the rights to<SPAN>&nbsp;</SPAN>create snapshots&nbsp;on&nbsp;<STRONG>specified</STRONG> volumes.</DIV> <DIV>&nbsp;</DIV> <DIV>Using the CLI we can create a "rest-role" that has<SPAN>&nbsp;</SPAN><STRONG>all</STRONG>&nbsp;access to<SPAN>&nbsp;</SPAN><STRONG>all volumes:</STRONG></DIV> <DIV>&nbsp;</DIV> <DIV><EM>modify -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes -access all</EM></DIV> <DIV>&nbsp;</DIV> <DIV>But when we try to lock this down to a specific operation:</DIV> <DIV>&nbsp;</DIV> <DIV><EM>create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/snapshots -access all</EM></DIV> <DIV>&nbsp;</DIV> <DIV>we get "URI does not exist"</DIV> <DIV>&nbsp;</DIV> <DIV>and if we try to use the actual URI called by the app (including the volume ID):</DIV> <DIV>&nbsp;</DIV> <DIV><EM>create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/d9616397-<WBR />a06b-4da4-931d-ee22f7bffeec/<WBR />snapshots -access all</EM></DIV> <DIV>&nbsp;</DIV> <DIV>we get "Invalid character detected in URI."</DIV> <DIV>&nbsp;</DIV> <DIV>How are we meant to lock the role down effectively?</DIV> Tue, 26 Nov 2019 16:51:02 GMT https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/Lock-Down-REST-api-Role/m-p/152596#M23 lcr 2019-11-26T16:51:02Z https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/Lock-Down-REST-api-Role/m-p/164282#M180 <P>we are having the same problem.<BR />Did you get/found any solution for that until now?</P><P>&nbsp;</P><P>Best Regards,</P><P>Klaus</P> Tue, 23 Feb 2021 11:41:38 GMT https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/Lock-Down-REST-api-Role/m-p/164282#M180 klmi 2021-02-23T11:41:38Z