Microsoft Virtualization Discussions
Does anyone have an idea about what minimum permissions is required to connect to ontap?
I am using the default readonly role and every read command that I have tried works.However in the auditlogs I keep getting an Insufficient privileges.The Connect-NcController tries to write to a file /etc/powershell.
The audit log shows the following :
<netapp version='1.0' xmlns='http://www.netapp.com/filer/admin'><system-cli>^M <args>^M <arg>node</arg>^M <arg>run</arg>^M <arg>controller-a</arg>^M <arg>-command</arg>^M <arg>wrfile</arg>^M <arg>/etc/powershell</arg>^M <arg>;</arg>^M <arg>node</arg>^M <arg>run</arg>^M <arg>controller-a</arg>^M <arg>-command</arg>^M <arg>wrfile</arg>^M <arg>-a</arg>^M <arg>/etc/powershell</arg>^M <arg>// File generated by the Data ONTAP PowerShell Toolkit: powershell.usagelog.version=1: powershell.usagelog.lastupdated=1644250226: powershell.cmdlet.CONNECTNCCONTROLLER.count=1: powershell.cmdlet.GETNCVOL.count=1: powershell.usagelog.timestamp=1644250226: </arg>^M </args>^M <priv>advanced</priv>^M </system-cli></netapp>^M :: Pending:
See The Solution
For anyone else that has this issue, I found a workaround by setting the variable "$DataONTAP_SkipEmsReport = $true"
View solution in original post
Others have had the same question. Please see if the below link helps to answer your question.
Hi and thank you for your replay.
I have read those suggestions and unfortunatly they do not help.I am using the readonly role and it has the default command with permission readonly as mentioned in one of those posts.
Here is the permissions from the readonly role if that helps.
Command/ AccessDirectory Query Level--------- ----------------------------------- --------DEFAULT readonlysecurity readonlysecurity login password allsecurity login publickey allsecurity login role show-user-capability allset all
NetApp Wins One Silver and One Bronze Stevie® Award in 2022 Stevie Awards for Sales and Customer Service
Live Chat, Watch Parties, and More!
Engage digitally throughout the sales process, from product discovery to conﬁguration, and handle all your post-purchase needs.