https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/REST-API-quot-User-is-not-authorized-quot/m-p/441512#M431 <P><SPAN>certname should be same in cert create and install commands and also in login account creation step.<BR /><BR />[linux ~]$ openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout name.key -out name.pem -subj “/C=US/ST=NC/L=RTP/O=NetApp/<STRONG>CN=cert_user</STRONG>”<BR /><BR />security certificate install -type <STRONG>client-ca -cert-name&nbsp;cert_user</STRONG>&nbsp;-vserver &lt;cluster short name&gt;<BR /><BR />security login create -<STRONG>user-or-group-name cert_user</STRONG>&nbsp;-application ontapi -authentication-method cert<BR /></SPAN></P><P><SPAN>security login create -<STRONG>user-or-group-name cert_user</STRONG>&nbsp;-application http -authentication-method cert</SPAN></P><P>&nbsp;</P><P><SPAN>In&nbsp;&nbsp;</SPAN><A href="https://netapp.io/2020/06/25/cert4uid-pswd/" target="_blank" rel="nofollow noopener noreferrer">https://netapp.io/2020/06/25/cert4uid-pswd/&nbsp;</A>cert is created for cert_user but admin user is configured in ontap.</P><P>but david warn about user<BR /><EM>For the CN=cert_user this needs to be the user that will be connecting, so for admin again it would be CN=admin.</EM></P> Wed, 08 Feb 2023 02:32:59 GMT MOHANRAJB 2023-02-08T02:32:59Z https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/REST-API-quot-User-is-not-authorized-quot/m-p/441374#M428 <P>Hi,</P><P>&nbsp;</P><P>I try to connect via HTTP as part of this Ansible task:</P><PRE>- name: Get LUNs<BR />netapp.ontap.na_ontap_rest_info:<BR />hostname: '{{ ontap_host }}'<BR />cert_filepath: '{{ ontap_crt }}'<BR />key_filepath: '{{ ontap_key }}'<BR />gather_subset:<BR />- 'storage/luns'<BR />fields:<BR />- 'comment'<BR />https: True<BR />validate_certs: False<BR />register: lun_info</PRE><P>but receive:</P><PRE>Error using REST for version, error: {'code': '6691623', 'message': 'User is not authorized.'}.</PRE><P>The user and role should be configured correctly:</P><PRE>fc-netapp::&gt; security login show -user-or-group-name orchestrator<BR /><BR />Vserver: fc-netapp<BR />Second<BR />User/Group Authentication Acct Authentication<BR />Name Application Method Role Name Locked Method<BR />-------------- ----------- ------------- ---------------- ------ --------------<BR />orchestrator http cert georg_dev - none<BR /><BR />Vserver: vs_wilde<BR />Second<BR />User/Group Authentication Acct Authentication<BR />Name Application Method Role Name Locked Method<BR />-------------- ----------- ------------- ---------------- ------ --------------<BR />orchestrator http cert georg_dev - none<BR />2 entries were displayed.<BR /><BR />fc-netapp::&gt; security login rest-role show -role georg_dev<BR />Role Access<BR />Vserver Name API Level<BR />---------- ------------- ------------------- ------<BR />fc-netapp georg_dev /api/cluster all<BR />/api/cluster/ all<BR />vs_wilde georg_dev /api/storage all<BR />/api/storage/ all<BR />4 entries were displayed.</PRE><P>&nbsp;</P><P>A second user using username/passphrase authentication is able to connect using this role, only this new certificate based user won't work. I configured it according to <A href="https://netapp.io/2020/06/25/cert4uid-pswd/" target="_blank">https://netapp.io/2020/06/25/cert4uid-pswd/</A> and the variables shown above reference the respective certificate/key pair.</P><P>&nbsp;</P><P>What could I be missing?</P><P>&nbsp;</P><P>Thanks for any ideas!</P> Wed, 04 Jun 2025 09:53:19 GMT https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/REST-API-quot-User-is-not-authorized-quot/m-p/441374#M428 geeko 2025-06-04T09:53:19Z https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/REST-API-quot-User-is-not-authorized-quot/m-p/441512#M431 <P><SPAN>certname should be same in cert create and install commands and also in login account creation step.<BR /><BR />[linux ~]$ openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -keyout name.key -out name.pem -subj “/C=US/ST=NC/L=RTP/O=NetApp/<STRONG>CN=cert_user</STRONG>”<BR /><BR />security certificate install -type <STRONG>client-ca -cert-name&nbsp;cert_user</STRONG>&nbsp;-vserver &lt;cluster short name&gt;<BR /><BR />security login create -<STRONG>user-or-group-name cert_user</STRONG>&nbsp;-application ontapi -authentication-method cert<BR /></SPAN></P><P><SPAN>security login create -<STRONG>user-or-group-name cert_user</STRONG>&nbsp;-application http -authentication-method cert</SPAN></P><P>&nbsp;</P><P><SPAN>In&nbsp;&nbsp;</SPAN><A href="https://netapp.io/2020/06/25/cert4uid-pswd/" target="_blank" rel="nofollow noopener noreferrer">https://netapp.io/2020/06/25/cert4uid-pswd/&nbsp;</A>cert is created for cert_user but admin user is configured in ontap.</P><P>but david warn about user<BR /><EM>For the CN=cert_user this needs to be the user that will be connecting, so for admin again it would be CN=admin.</EM></P> Wed, 08 Feb 2023 02:32:59 GMT https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/REST-API-quot-User-is-not-authorized-quot/m-p/441512#M431 MOHANRAJB 2023-02-08T02:32:59Z