Solved: cannot create rest role access system manager

chinchillaking · ‎2022-05-20

Hi All,

We try create 9.10.1 RBAC access OnTap System Manage for operation as below.

- domain user with operation_team role as below cannot login System manager

- when domain user change to default readonly role, login System Manage no problem

- the operation_team missing /api/security compare with default readonly role, we try add /api/security but failed and display "Error: command failed: failed to set field "cmddirname" to "anti-ransomware volume""

- volume did not setup anti-ransomware

I cannot found solution in google or mysupport.netapp.com

chinchillaking · ‎2022-05-20

Hi TMACMD,

Thanks for your reply. But the role cannot add

But I found it was not /api/security compare with default readonly role issue, it was web services access issue, after add security and sysmgr in web access, login successful

View solution in original post

TMACMD · ‎2022-05-20

Try looking at the role first. Note this is the role and not the rest-role. They play together

security login role show -vserver cmode9101 -role operation_team

you may need to add a role

security login role add -vserver cmode9101 -role operation_team -cmddir “anti-ransomware volume” -access readonly

of course set the access as needed. Then try adding your rest-role again

chinchillaking · ‎2022-05-20

Hi TMACMD,

Thanks for your reply. But the role cannot add

But I found it was not /api/security compare with default readonly role issue, it was web services access issue, after add security and sysmgr in web access, login successful