For the clustered ONTAP cmdlets, there is a little bit more work you need to do. The help documents list the API the command uses, then you need to use that information to map the API to a CLI command using the "show-ontapi" CLI command. For example:
PS C:\Users\SBeam> Get-NcHelp Get-NcVol | select API
PS C:\Users\SBeam> Invoke-NcSsh "security login role show-ontapi -ontapi volume-get-iter"
I want to do this for security purposes, I work in a least privileges environment meaning any login whether API, SSH to the Filers has the least amount of privileges it needs to function.
Without going into detail many Financial and Healthcare regulations mandate this, without it you will fail an audit and as a company could be fined or shut down.
On a practical note, this script is running as an account on the Filer from a remote server, if you give the user this script runs as administrative privileges because its too difficult to restrict which ones it needs. What happens if that account gets compromised? What if the over privileged account loops through your Filers running "aggr offline/destroy"??
I also can't see an auditor being impressed when they ask "why does it have admin rights on the Filer" and you answer"because it was a bit difficult to work out what it needed".
Do you run everything as root on Linux boxes or Administrator on Windows boxes?
Re: Determining Ontap privileges needed for powershell script