Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

Start a New Post

Connecting to cluster generates a "Insufficient privileges" when using the default readonly role

cc2
‎2022-02-07 07:20 AM

Hi,

Does anyone have an idea about what minimum permissions is required to connect to ontap? 

I am using the default readonly role and every read command that I have tried works.
However in the auditlogs I keep getting an Insufficient privileges.

The Connect-NcController tries to write to a file  /etc/powershell.

The audit log shows the following :

 

<netapp version='1.0' xmlns='http://www.netapp.com/filer/admin'><system-cli>^M <args>^M <arg>node</arg>^M <arg>run</arg>^M <arg>controller-a</arg>^M <arg>-command</arg>^M <arg>wrfile</arg>^M <arg>/etc/powershell</arg>^M <arg>;</arg>^M <arg>node</arg>^M <arg>run</arg>^M <arg>controller-a</arg>^M <arg>-command</arg>^M <arg>wrfile</arg>^M <arg>-a</arg>^M <arg>/etc/powershell</arg>^M <arg>// File generated by the Data ONTAP PowerShell Toolkit: powershell.usagelog.version=1: powershell.usagelog.lastupdated=1644250226: powershell.cmdlet.CONNECTNCCONTROLLER.count=1: powershell.cmdlet.GETNCVOL.count=1: powershell.usagelog.timestamp=1644250226: </arg>^M </args>^M <priv>advanced</priv>^M </system-cli></netapp>^M :: Pending:

0 Kudos
View By:
1 ACCEPTED SOLUTION

cc2
‎2022-02-17 11:30 PM

For anyone else that has this issue, I found a workaround by setting the variable "$DataONTAP_SkipEmsReport = $true"

View solution in original post

0 Kudos
3 REPLIES 3

NetApp_SR
NetApp
‎2022-02-08 07:08 PM

Others have had the same question. Please see if the below link helps to answer your question.

 

https://community.netapp.com/t5/ONTAP-Discussions/PowerShell-user-ReadOnly-does-not-have-write-access-to-this-resource/td-p/429950

 

0 Kudos

cc2
‎2022-02-08 11:19 PM
In response to NetApp_SR

Hi and thank you for your replay.

I have read those suggestions and unfortunatly they do not help.
I am using the readonly role and it has the default command with permission readonly as mentioned in one of those posts.

 

Here is the permissions from the readonly role if that helps.

Command/ Access
Directory Query Level
--------- ----------------------------------- --------

DEFAULT readonly
security readonly
security login password all
security login publickey all
security login role show-user-capability all
set all

0 Kudos

cc2
‎2022-02-17 11:30 PM

For anyone else that has this issue, I found a workaround by setting the variable "$DataONTAP_SkipEmsReport = $true"

0 Kudos
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2022 NetApp Cookies settings
Let us know
Public