ONTAP Rest API Discussions

Lock Down REST api Role

lcr

We have an app that is using the OnTap REST api to create snapshots of specific volumes.

 
We would like to create a service account that ONLY has the rights to create snapshots on specified volumes.
 
Using the CLI we can create a "rest-role" that has all access to all volumes:
 
modify -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes -access all
 
But when we try to lock this down to a specific operation:
 
create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/snapshots -access all
 
we get "URI does not exist"
 
and if we try to use the actual URI called by the app (including the volume ID):
 
create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/d9616397-a06b-4da4-931d-ee22f7bffeec/snapshots -access all
 
we get "Invalid character detected in URI."
 
How are we meant to lock the role down effectively?
1 REPLY 1

klmi

we are having the same problem.
Did you get/found any solution for that until now?

 

Best Regards,

Klaus

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public