ONTAP Rest API Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Rest API Discussions

Ask a Question

Lock Down REST api Role

lcr
‎2019-11-26 08:51 AM
2,678 Views

We have an app that is using the OnTap REST api to create snapshots of specific volumes.

 
We would like to create a service account that ONLY has the rights to create snapshots on specified volumes.
 
Using the CLI we can create a "rest-role" that has all access to all volumes:
 
modify -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes -access all
 
But when we try to lock this down to a specific operation:
 
create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/snapshots -access all
 
we get "URI does not exist"
 
and if we try to use the actual URI called by the app (including the volume ID):
 
create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/d9616397-a06b-4da4-931d-ee22f7bffeec/snapshots -access all
 
we get "Invalid character detected in URI."
 
How are we meant to lock the role down effectively?
0 Kudos
1 REPLY 1

klmi
‎2021-02-23 03:41 AM
1,604 Views

we are having the same problem.
Did you get/found any solution for that until now?

 

Best Regards,

Klaus

0 Kudos
All Community Forums
Public