NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Rest API Discussions

Lock Down REST api Role

lcr
3,393 Views

We have an app that is using the OnTap REST api to create snapshots of specific volumes.

 
We would like to create a service account that ONLY has the rights to create snapshots on specified volumes.
 
Using the CLI we can create a "rest-role" that has all access to all volumes:
 
modify -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes -access all
 
But when we try to lock this down to a specific operation:
 
create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/snapshots -access all
 
we get "URI does not exist"
 
and if we try to use the actual URI called by the app (including the volume ID):
 
create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/d9616397-a06b-4da4-931d-ee22f7bffeec/snapshots -access all
 
we get "Invalid character detected in URI."
 
How are we meant to lock the role down effectively?
1 REPLY 1

klmi
2,319 Views

we are having the same problem.
Did you get/found any solution for that until now?

 

Best Regards,

Klaus

Public