https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/127837#M317 <P>Hi,</P><P>&nbsp;</P><P>Cinder and Glance are working ok with Netapp FAS8020 ontap 8.3 (NFS). We have a copy offload license and this is also working fine.</P><P>&nbsp;</P><P>However the volume log in Cinder contains permissions errors&nbsp; as follows -</P><P>&nbsp;</P><P>&nbsp;ERROR cinder.volume.drivers.netapp.dataontap.performance.perf_cmode NaApiError: NetApp API failed. Reason - 13003:Insufficient privileges: user 'openstack' does not have read access to this resource</P><P>&nbsp;</P><P>and on the netapp command log -</P><P>&nbsp;</P><P>&nbsp;[kern_command-history:info:909] ontapi :: [ip address] :: openstack :: &lt;netapp xmlns="<A href="http://www.netapp.com/filer/admin" target="_blank">http://www.netapp.com/filer/admin</A>" version="1.31"&gt;&lt;qos-policy-group-delete-iter&gt;&lt;max-records&gt;3500&lt;/max-records&gt;&lt;query&gt;&lt;qos-policy-group-info&gt;&lt;policy-group&gt;deleted_cinder_*&lt;/policy-group&gt;&lt;vserver&gt;[vserver_name]&lt;/vserver&gt;&lt;/qos-policy-group-info&gt;&lt;/query&gt;&lt;return-success-list&gt;false&lt;/return-success-list&gt;&lt;return-failure-list&gt;false&lt;/return-failure-list&gt;&lt;continue-on-failure&gt;true&lt;/continue-on-failure&gt;&lt;/qos-policy-group-delete-iter&gt;&lt;/netapp&gt; :: Pending<BR />&nbsp;[kern_command-history:info:909] ontapi :: [ip address] :: openstack :: Insufficient privileges: user 'openstack' does not have write access to this resource :: ONTAPI :: Error</P><P>&nbsp;</P><P>Any ideas what may be causing this error.?</P><P>The NetApp role was set up as per NetApp documentation here -</P><P>&nbsp;</P><P><A href="http://netapp.github.io/openstack-deploy-ops-guide/mitaka/content/cinder.fas.configuration.html#cinder.cdot.account_permissions" target="_blank">http://netapp.github.io/openstack-deploy-ops-guide/mitaka/content/cinder.fas.configuration.html#cinder.cdot.account_permissions</A></P><P>&nbsp;</P><P>The user is a cluster level user</P> Wed, 04 Jun 2025 15:29:08 GMT openstack1 2025-06-04T15:29:08Z https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/127837#M317 <P>Hi,</P><P>&nbsp;</P><P>Cinder and Glance are working ok with Netapp FAS8020 ontap 8.3 (NFS). We have a copy offload license and this is also working fine.</P><P>&nbsp;</P><P>However the volume log in Cinder contains permissions errors&nbsp; as follows -</P><P>&nbsp;</P><P>&nbsp;ERROR cinder.volume.drivers.netapp.dataontap.performance.perf_cmode NaApiError: NetApp API failed. Reason - 13003:Insufficient privileges: user 'openstack' does not have read access to this resource</P><P>&nbsp;</P><P>and on the netapp command log -</P><P>&nbsp;</P><P>&nbsp;[kern_command-history:info:909] ontapi :: [ip address] :: openstack :: &lt;netapp xmlns="<A href="http://www.netapp.com/filer/admin" target="_blank">http://www.netapp.com/filer/admin</A>" version="1.31"&gt;&lt;qos-policy-group-delete-iter&gt;&lt;max-records&gt;3500&lt;/max-records&gt;&lt;query&gt;&lt;qos-policy-group-info&gt;&lt;policy-group&gt;deleted_cinder_*&lt;/policy-group&gt;&lt;vserver&gt;[vserver_name]&lt;/vserver&gt;&lt;/qos-policy-group-info&gt;&lt;/query&gt;&lt;return-success-list&gt;false&lt;/return-success-list&gt;&lt;return-failure-list&gt;false&lt;/return-failure-list&gt;&lt;continue-on-failure&gt;true&lt;/continue-on-failure&gt;&lt;/qos-policy-group-delete-iter&gt;&lt;/netapp&gt; :: Pending<BR />&nbsp;[kern_command-history:info:909] ontapi :: [ip address] :: openstack :: Insufficient privileges: user 'openstack' does not have write access to this resource :: ONTAPI :: Error</P><P>&nbsp;</P><P>Any ideas what may be causing this error.?</P><P>The NetApp role was set up as per NetApp documentation here -</P><P>&nbsp;</P><P><A href="http://netapp.github.io/openstack-deploy-ops-guide/mitaka/content/cinder.fas.configuration.html#cinder.cdot.account_permissions" target="_blank">http://netapp.github.io/openstack-deploy-ops-guide/mitaka/content/cinder.fas.configuration.html#cinder.cdot.account_permissions</A></P><P>&nbsp;</P><P>The user is a cluster level user</P> Wed, 04 Jun 2025 15:29:08 GMT https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/127837#M317 openstack1 2025-06-04T15:29:08Z https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/127872#M319 <P>Might be handy to post a trial of creating/deleteing QOS from Clustershell using this user on involved vols and Vserver&nbsp;and then we dig deeper into this.</P><P>&nbsp;</P><P>Best Regards,</P><P>Bishoy</P> Wed, 08 Feb 2017 14:32:12 GMT https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/127872#M319 Bishoy 2017-02-08T14:32:12Z https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/127888#M322 <P>In your <FONT face="courier new,courier"><STRONG>cinder.conf</STRONG></FONT>, do you have the value of&nbsp;<FONT face="courier new,courier"><STRONG>netapp_server_hostname</STRONG></FONT> set as the IP address of<EM>&nbsp;the<STRONG> cluster management LIF</STRONG>?&nbsp;</EM>You're on the right track with respect to using the Cluster-scoped account.</P><P>&nbsp;</P><P>Just to reiterate, the "<FONT face="courier new,courier">qos policy-group</FONT>" command requires a Cluster-scoped account, and you need to ensure that you have&nbsp;<FONT face="courier new,courier">netapp_server_hostname</FONT>&nbsp;in your cinder.conf set as the IP address of the cluster management LIF.</P> Thu, 09 Feb 2017 00:26:43 GMT https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/127888#M322 SumitK 2017-02-09T00:26:43Z https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/127904#M324 <P>Yes the cinder.conf correctly has the cluster management LIF ip address.</P><P>&nbsp;</P><P>A ticket has been opened with NetApp support. I will report back on any progress</P> Thu, 09 Feb 2017 13:17:19 GMT https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/127904#M324 openstack1 2017-02-09T13:17:19Z https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/129532#M327 <P>I have already addressed this with support</P><P>&nbsp;</P><P><A href="https://bugs.launchpad.net/cinder/+bug/1670879&nbsp;" target="_blank">https://bugs.launchpad.net/cinder/+bug/1670879&nbsp;</A></P> Wed, 29 Mar 2017 03:07:47 GMT https://community.netapp.com/t5/OpenStack-Discussions/Cinder-Mitaka-RH-OSP9-insufficient-privileges-qos-policy-group/m-p/129532#M327 Bishoy 2017-03-29T03:07:47Z