Board Activity
I'm trying to abide by the Least Privilege model and create a role that only has the privileges needed to run a PowerShell script I plan to run that has these cmdlets:

- Connect-NcController
- Get-NcFile
- new-ncsymlink
- add-nccifssymlink
- Remove-NcCifsSymlink
- Remove-NcFile

I have figured out that the Connect-NcController runs a few APIs before it returns so it needs exact privileges. Here is what I have in my role so far:

    > security login rest-role show -vserver prod1 -role createlink
                   Role                                                        Access
    Vserver        Name          API                                           Level
    ----------     ------------- -------------------                           ------
    prod1          createlink    /api/cluster                                  readonly
                                 /api/protocols/cifs/unix-symlink-mapping      all
                                 /api/storage/volumes                          readonly
                                 "/api/storage/volumes/*/files"                all
                                 /api/svms                                     readonly

When I run Connect-NcController, pointing to a vserver, with the credentials of the account that is assigned the limited role, it seems to connect just fine. However, no matter which cmdlet I run afterward, I get the following error:

    The remote server returned an error: (403) Forbidden.

After that one failed cmdlet, the rest of them run just fine. If I authenticate with an account that has more privileges (e.g. vsadmin-volume) it doesn't have this issue. So, I assume it is a privilege problem, but I have no way of knowing which one. As far as I can tell, 'security audit log show' doesn't show API calls that were declined for lack of permission, so I can't figure it out that way. I already added the /api/clusters and /api/svms to get as far as I have.

One oddity that I did see from 'security audit log show' was that when I run with the limited role, I see this API get called, but never finish (i.e. I only see the "Pending" and not "Success" or "Error"):

    GET /api/private/cli/system/node/virtual-machine/instance/show-settings?fields=consumer :: Pending

When I run with an account with more privileges, that API call finishes.

I tried giving permissions to that API path to my limited role, but it didn't seem to help, in that the problem is still there, and that API never seems to generate any results.

If anyone has any ideas how to resolve this problem, I would be greatly appreciative. Is there a way to get the cmdlets to show the APIs it is making? And if you can't help with that, can you help me totally suppress the error message? I tried adding -ErrorAction SilentlyContinue but I still see an error.

Here is the script I am running:

    $controller = "198.19.255.116" # Vserver Management port
    #
    # This is the path to where you want the symbolic link to reside using
    # a full path starting with /vol/volume_name/
    $fileToCreate = "/vol/app1/testlink"
    #
    # This is where you want the link to point to. It should NOT start with
    # /vol/volume_name/ and MUST end with a '/'. For a UNIX client, it will
    # be redirected to this path.
    $whereToPointTo = "/test-destination/subdir/"
    #
    # For a CIFS client, with a CIFS Symbolic link, they don't follow the
    # path the UNIX link points to, it is more of a pattern match
    # and is replaced with what $cifsPath is set to.
    $cifsPath = "/cifspath/"
    #
    # If using a "wide" CIFS Symbolic link, the client can be redirected to
    # another CIFS share as well as the path. But, in this case, we are
    # using a "local" CIFS Symbolic Link, so the client will be redirected
    # to the same share where the link resides.
    $shareName = "app1"
    #
    # Prompt for the credentials and keep the user name for the status message.
    $credential = Get-Credential
    $username = $credential.UserName
    $connection = Connect-NcController -Name $controller -Credential $credential
    if ($null -ne $connection) {
        Write-Host "Connected to $controller as $username."
        #
        # Since for some strange reason the first call always fails, just do one and ignore it.
        # Unfortunately, this command generates an error message no matter what I set the ErrorAction
        # to. There might be another command that will honor it.
        Get-NcFile -Path $fileToCreate -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    } else {
        Write-Host "Failed to connect to $controller!"
        exit
    }
    #
    # Check to see if the file already exists. If it does, remove it.
    $fileProperties = Get-NcFile -Path $fileToCreate -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    if ($null -ne $fileProperties) {
        Write-Host "Removing cifssymlink $whereToPointTo"
        Remove-NcCifsSymlink -UnixPath $whereToPointTo -Confirm:$false
        Write-Host "Removing UNIX link $fileToCreate"
        Remove-NcFile -Path $fileToCreate -Confirm:$false
    }
    Write-Host "Creating new UNIX symlink $fileToCreate to $whereToPointTo"
    New-NcSymlink -Target $whereToPointTo -LinkName $fileToCreate
    Write-Host "Creating new cifs symlink for $whereToPointTo should redirect to $sharename$whereToPointTo$cifsPath"
    Add-NcCifsSymlink -UnixPath $whereToPointTo -CifsPath $cifsPath -Locality local -ShareName $shareName
By ckeith | NetApp | Microsoft Virtualization Discussions
11 hours ago
Storage is running ONTAP 9.14.1, and the PowerShell toolkit is 9.16.1.2501. I'm trying to use the ONTAP PowerShell toolkit on storage that's connected to AD to set up user quotas. I entered a command in PowerShell to generate a user quota and got an error message:

    PS > $Volume = 'userdata_test'
    PS > $UserID = '1653409'
    PS > $VServer = 'svm1_main'
    PS > New-NcQuota -Volume $Volume -Qtree "" -QuotaTarget $UserID -QuotaType User -DiskLimit 5GB -VserverContext $VServer
    New-NcQuota : The term 'New-NcQuota' is not recognized as the name of a cmdlet, function, script file, or operable
    program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    + New-NcQuota -Volume $Volume -Qtree "" -QuotaTarget ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (New-NcQuota:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

What command should I use to create a user quota using the PowerShell toolkit?

Thanks & Regards,
Geum
By Geum | Contributor | Microsoft Virtualization Discussions
yesterday
I'm trying to get all CIFS options from an SVM via PSTK (9.16.1.2501). Using the option -ZapiCall gives me all the options with values. Without this option, only some options are populated with settings; for most of them I see the value false. Studying the help for the command didn't reveal how to do this via REST. Any help is appreciated.
By Enagon | Contributor | Microsoft Virtualization Discussions
3 weeks ago
Dear All,

I have installed ONTAP PowerShell Toolkit 9.15.1 to automate a health check report. Executing the commands below does not show used space for either aggregates or volumes:

    get-ncaggr
    get-ncvol

I'm using ONTAP version 9.12.x but the ONTAP PowerShell Toolkit is at 9.15.1. Am I missing anything? Appreciate your guidance.
By avi21106 | Contributor | Microsoft Virtualization Discussions | 2024-10-17 06:22 AM
I would like to confirm the system requirements for using PowerShell Toolkit 9.16.1. The Windows 2022 server on which we plan to install PowerShell Toolkit currently has .NET Framework 4.8 installed. Will it not work with anything other than the .NET Framework 4.7.2 listed in the system requirements?

I have already confirmed that the following is stated at the NetApp.ONTAP PowerShell Toolkit install URL:
https://mysupport.netapp.com/site/tools/tool-eula/ontap-powershell-toolkit

    Operating System                Version
    Microsoft Windows PowerShell    5.1 or 7.3.4 or later
    Microsoft .NET Framework        .NET Framework 4.7.2
    Microsoft Windows               8.1, 10, Server 2012 R2, 2016, 2019, 2022
By PowerShellToolkit | Contributor | Microsoft Virtualization Discussions
a week ago