I originally had Data Collectors setup in Cloud Insights using cluster admin credentials. I just followed the steps at https://docs.netapp.com/us-en/cloudinsights/task_add_collector_svm.html#a-note-about-permissions in the "Permissions when adding via Cluster Management IP:" section and the cmddirs in the role that was created all match and the ssh and ontapi access were granted, but when I switched the credentials in the collector to this new account the collectors fail and I get this when I test the connection "Configuration: Failed to execute test command on device - NetApp ONTAP zapi communication failed: cluster-identity-get failed: Insufficient privileges: user 'csuser' does not have read access to this resource."
Oriole::> security login role show -vserver Oriole -role csrole
Role Command/ Access
Vserver Name Directory Query Level
---------- ------------- --------- ----------------------------------- --------
Oriole csrole DEFAULT none
event catalog all
event filter all
event notification all
event notification destination all
network interface readonly
security certificate all
version readonly
volume readonly
volume snapshot -snapshot cloudsecure_* all
vserver readonly
vserver fpolicy all
12 entries were displayed.
Oriole::> security login show -role csrole
Vserver: Oriole
Second
User/Group Authentication Acct Authentication
Name Application Method Role Name Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
csuser ontapi password csrole no none
csuser ssh password csrole no none
2 entries were displayed.
