https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/ONTAP-REST-docs-api-permissions/m-p/158300#M89 <P>I'm not sure if this is documented well somewhere, I didn't see it.</P> Wed, 05 Aug 2020 15:21:27 GMT RobertBlackhart 2020-08-05T15:21:27Z https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/ONTAP-REST-docs-api-permissions/m-p/158286#M86 <P>Hi guys</P> <P>&nbsp;</P> <P>I have made a REST API user with the permissions for reading volumes and svms (via security login rest-role on an ONTAP 9.6 system). The commands are working perfect but this user can't read /docs/api. Is there an additional permission for this?</P> <P>&nbsp;</P> <P>Thanks for help!</P> Wed, 04 Jun 2025 10:58:29 GMT https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/ONTAP-REST-docs-api-permissions/m-p/158286#M86 isc-dario 2025-06-04T10:58:29Z https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/ONTAP-REST-docs-api-permissions/m-p/158292#M87 <P>Hi isc-dario,</P> <P>&nbsp;</P> <P>Yes, there is one more piece of access that you need to grant in order to allow custom roles to see the Swagger UI. Here is my cluster configuration that mimics what I think you have already done:</P> <LI-CODE lang="markup">mycluster::&gt; security login show -user-or-group-name restviewer Vserver: mycluster Second User/Group Authentication Acct Authentication Name Application Method Role Name Locked Method -------------- ----------- ------------- ---------------- ------ -------------- restviewer http password restviewer no none mycluster::&gt; security login rest-role show -role restviewer Role Access Vserver Name API Level ---------- ------------- ------------------- ------ mycluster restviewer /api/storage/volumes readonly /api/svm/svms readonly 2 entries were displayed. </LI-CODE> <P>With this setup, I get a 401 if I try to log in with the restviewer account. So the other thing that needs done is to allow access to the web service for that role like this:</P> <LI-CODE lang="markup">mycluster::&gt; vserver services web access create -vserver mycluster -name docs-api -role restviewer mycluster::&gt;</LI-CODE> <P>After adding that, the docs page at /docs/api will load. However, there is a bug that I found while reproducing your issue. After you enter the credentials the first time and the docs load, another credential popup is shown. Entering the credentials again will not work. The workaround is to cancel the second authentication dialog. Then you can browse the docs normally.</P> <P>&nbsp;</P> <P>If you want to track the progress of the bug to fix this issue, you can view this link (may take some time to be live):&nbsp;<A href="https://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&amp;Display=1342377" target="_blank">https://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&amp;Display=1342377</A></P> Wed, 05 Aug 2020 14:11:11 GMT https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/ONTAP-REST-docs-api-permissions/m-p/158292#M87 RobertBlackhart 2020-08-05T14:11:11Z https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/ONTAP-REST-docs-api-permissions/m-p/158293#M88 <P>Hi Robert</P> <P>&nbsp;</P> <P>Thank you! Worked! Did I miss this part in the documentation?</P> <P>&nbsp;</P> <P>Thanks, Dario</P> Wed, 05 Aug 2020 14:25:28 GMT https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/ONTAP-REST-docs-api-permissions/m-p/158293#M88 isc-dario 2020-08-05T14:25:28Z https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/ONTAP-REST-docs-api-permissions/m-p/158300#M89 <P>I'm not sure if this is documented well somewhere, I didn't see it.</P> Wed, 05 Aug 2020 15:21:27 GMT https://community.netapp.com/t5/ONTAP-Rest-API-Discussions/ONTAP-REST-docs-api-permissions/m-p/158300#M89 RobertBlackhart 2020-08-05T15:21:27Z