Microsoft Virtualization Discussions

ReadOnly Permissions?

ptukadmin80s

Hi,

Can someone please let me know what role(s) is required as a minimum to connect and collect information from the controllers (ReadOnly access)?

I need to grant a service-account access to schedule reports.

I currently get this error:

Connect-NaController : User DOMAIN\username does not have capability to invoke API system-get-ontapi-version.

Thanks,

Martin

3 REPLIES 3

beam

Hi Martin,

The required capabilities to use Connect-NaController are: api-system-get-ontapi-version, api-system-get-version.  You can use Get-NaHelp to see which Api is used by a given cmdlet.  For example:

PS C:\Users\Administrator> Get-NaHelp Get-NaSnapshot

Name                                    Api                                     Category

----                                    ---                                     --------

Get-NaSnapshot                          {snapshot-list-info}                    snapshot

In order to use Get-NaSnapshot, the user must have the capability api-snapshot-list-info.

-Steven

ptukadmin80s

Hi Steven,

Thanks, so I guess then I need to cross reference what capabilities each cmdlet requires, create a new role and push it out to each controller?

Thanks,

Martin

ptukadmin80s

Just to let you know that I also found a post that is listing the required capabilities and script:

https://communities.netapp.com/community/products_and_solutions/microsoft/powershell/blog/2011/09/29/read-only-user-for-powershell-toolkit-and-system-...

Thanks

/M

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public