ONTAP Discussions

PowerShell - user 'ReadOnly' does not have write access to this resource

goodmanr0732
We have a number of PowerShell scripts using the NetApp PowerShell toolkit modules that run against our AFFs. We are using an ID that is assigned the readonly role, yet every time it runs a get command I see an error in the ONTAP audit logs stating that there are insufficient privileges and that it does not have access to write to this resource. It seems that every time PowerShell connects it is trying to write to a file in /etc/powershell but doesn't have permissions, as it's part of the readonly role. Is there a permission that can be given that would allow it to write to that file, or a way to prevent PowerShell from trying to write to it? Or a different solution?

We are running ONTAP 9.8 and version 9.8 of the PowerShell toolkit.

[kern_audit:info:2421] 8503e800000ea6ad :: cluster-name:ontapi :: 10.99.99.99:62003 :: cluster-name:ReadOnlyID :: <netapp version='1.0' xmlns='http://www.netapp.com/filer/admin'><system-cli>^M <args>^M <arg>node</arg>^M <arg>run</arg>^M <arg>name-name</arg>^M <arg>-command</arg>^M <arg>wrfile</arg>^M <arg>/etc/powershell</arg>^M <arg>;</arg>^M <arg>node</arg>^M <arg>run</arg>^M <arg>node-name</arg>^M <arg>-command</arg>^M <arg>wrfile</arg>^M <arg>-a</arg>^M <arg>/etc/powershell</arg>^M <arg>// File generated by the Data ONTAP PowerShell Toolkit: powershell.usagelog.version=1: powershell.usagelog.lastupdated=1638091998: powershell.cmdlet.CONNECTNCCONTROLLER.count=1: powershell.cmdlet.GETNCSNAPMIRROR.count=1: powershell.usagelog.timestamp=1638091998: </arg>^M </args>^M <priv>advanceSun Nov 28 09:33:19 2021;10.88.88.88; <14>Nov 28 09:33:19 node-name: node-name: 00000014.0127ad1f 00c485b4 Sun Nov 28 2021 09:33:18 -06:00 [kern_audit:info:2421] 8503e800000ea6ad :: cluster-name:ontapi :: 10.99.99.99:62003 :: cluster-name:ReadOnlyID :: system-cli :: Error: Insufficient privileges: user 'ReadOnlyID' does not have write access to this resource
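
For triaging entries like the one quoted in the post, the following is an added example (not part of the original post and not NetApp code) that parses a kern_audit line, flags the toolkit's wrfile call against /etc/powershell, and separates it from other system-cli activity by the same account. It assumes the field layout visible in the post; the sample line is constructed and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the audit entry in the post (placeholder names/addresses).
SAMPLE = (
    "[kern_audit:info:2421] 8503e800000ea6ad :: cluster-name:ontapi :: "
    "10.99.99.99:62003 :: cluster-name:ReadOnlyID :: <netapp version='1.0' "
    "xmlns='http://www.netapp.com/filer/admin'><system-cli>^M <args>^M "
    "<arg>node</arg>^M <arg>run</arg>^M <arg>node-name</arg>^M "
    "<arg>-command</arg>^M <arg>wrfile</arg>^M <arg>-a</arg>^M "
    "<arg>/etc/powershell</arg>^M <arg>// File generated by the Data ONTAP "
    "PowerShell Toolkit: powershell.usagelog.version=1: "
    "powershell.cmdlet.CONNECTNCCONTROLLER.count=1: "
    "powershell.cmdlet.GETNCSNAPMIRROR.count=1: </arg>^M </args>"
)

# tag, sequence id, cluster:application, source ip:port, cluster:user
HEADER = re.compile(
    r"\[kern_audit:\w+:\d+\]\s+\S+\s+::\s+[^:\s]+:(?P<app>\w+)\s+::\s+"
    r"(?P<src>[\d.]+):\d+\s+::\s+[^:\s]+:(?P<user>\S+)\s+::"
)
ARG = re.compile(r"<arg>(.*?)</arg>", re.S)
CMDLET = re.compile(r"powershell\.cmdlet\.(\w+)\.count=(\d+)")

def classify(line):
    """Return parsed fields for one audit line, or None if it has no audit header."""
    m = HEADER.search(line)
    if not m:
        return None
    args = [a.strip() for a in ARG.findall(line)]
    payload = " ".join(a for a in args if a.startswith("// File generated"))
    return {
        "user": m["user"], "source": m["src"], "app": m["app"],
        # The toolkit's usage-log update: wrfile targeting /etc/powershell.
        "toolkit_usage_log_write": "wrfile" in args and "/etc/powershell" in args,
        "cmdlets": {name: int(n) for name, n in CMDLET.findall(payload)},
    }

def triage(lines):
    """Split parsed entries into toolkit usage-log writes and everything else."""
    parsed = [p for p in map(classify, lines) if p]
    noise = [p for p in parsed if p["toolkit_usage_log_write"]]
    review = [p for p in parsed if not p["toolkit_usage_log_write"]]
    return noise, review

if __name__ == "__main__":
    print(classify(SAMPLE))
```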
