Lock Down REST API Role

We have an app that is using the ONTAP REST API to create snapshots of specific volumes.

We would like to create a service account that ONLY has the rights to create snapshots on specified volumes.
Using the CLI, we can create a "rest-role" that has all access to all volumes:
modify -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes -access all
But when we try to lock this down to a specific operation:
create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/snapshots -access all
we get "URI does not exist"
and if we try to use the actual URI called by the app (including the volume ID):
create -vserver dc1-netsim -role SmartBackupRest -api /api/storage/volumes/d9616397-a06b-4da4-931d-ee22f7bffeec/snapshots -access all
we get "Invalid character detected in URI."
How are we meant to lock the role down effectively?
