ONTAP Discussions

ActiveIQ Unified Manager Least Privilege Account

TMADOCTHOMAS

ActiveIQ Unified Manager documentation says the following about the local account used for discovery:

 

------------------------------------

This account must have the admin role with Application access set to ontapi, ssh, and http.

------------------------------------

 

My question: is this really accurate? I don't see why it requires the admin role since AIUM is just reading data to populate charts and tables. Anyone have insight here? We are trying to reduce service accounts to the least amount of permissions needed and I'm thinking this is a good candidate for reduction, but documentation says otherwise.

2 REPLIES 2

Mjizzini

This account must have the admin role with Application access set to ontapi, ssh, and http

 

Unable to add cluster to Active IQ Unified Mana

TMADOCTHOMAS

Okay thank you @Mjizzini. Are there any recommendations to securing this account since it has to have these rights?

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public