Microsoft Virtualization Discussions

ReadOnly Permissions?

ptukadmin80s
4,553 Views

Hi,

Can someone please let me know what role(s) is required as a minimum to connect and collect information from the controllers (ReadOnly access)?

I need to grant a service-account access to schedule reports.

I currently get this error:

Connect-NaController : User DOMAIN\username does not have capability to invoke API system-get-ontapi-version.

Thanks,

Martin

3 REPLIES 3

beam
4,553 Views

Hi Martin,

The required capabilities to use Connect-NaController are: api-system-get-ontapi-version, api-system-get-version.  You can use Get-NaHelp to see which Api is used by a given cmdlet.  For example:

PS C:\Users\Administrator> Get-NaHelp Get-NaSnapshot

Name                                    Api                                     Category

----                                    ---                                     --------

Get-NaSnapshot                          {snapshot-list-info}                    snapshot

In order to use Get-NaSnapshot, the user must have the capability api-snapshot-list-info.

-Steven

ptukadmin80s
4,553 Views

Hi Steven,

Thanks, so I guess then I need to cross reference what capabilities each cmdlet requires, create a new role and push it out to each controller?

Thanks,

Martin

ptukadmin80s
4,553 Views

Just to let you know that I also found a post that is listing the required capabilities and script:

https://communities.netapp.com/community/products_and_solutions/microsoft/powershell/blog/2011/09/29/read-only-user-for-powershell-toolkit-and-system-...

Thanks

/M

Public