Not authorized for REST API command

tmkhrg · ‎2022-09-02

We are currently trying to use the REST webservice to get and adjust the retention time of a document, but always get the response that the user isn't authorized for that command.

We started by creating a role on our vserver like this:

security login rest-role create -role snaplockall -api /api/storage/snaplock  -access all -vserver vs1.example.com

We called that role "snaplockall" and it looks like this in the GUI:

We then assigned the role as a HTTP-role to a newly created user called "snaplocktest" and gave a password to the user.

With that user we are trying a GET method on:

/storage/snaplock/file/{volume.uuid}/{path}

and always get

{
  "error": {
    "message": "not authorized for that command",
    "code": "6"
  }
}

Are we missing a role or is there anything else we could try?

EDIT: We are using ONTAP Verison 9.7

RobertBlackhart · ‎2022-09-06

Are you using a LIF that belongs to vs1.example.com to access the API? Did you try the same pattern with some other API (unrelated to snaplock) as a test and see if that allowed access?

tmkhrg · ‎2022-09-07

@RobertBlackhart wrote:
Are you using a LIF that belongs to vs1.example.com to access the API? Did you try the same pattern with some other API (unrelated to snaplock) as a test and see if that allowed access?

Yes, we do.

@RobertBlackhart wrote:
Are you using a LIF that belongs to vs1.example.com to access the API? Did you try the same pattern with some other API (unrelated to snaplock) as a test and see if that allowed access?

I just tried "/api/security/roles" and get the same message. Even if I just try "/api" I get that message.

Not authorized for REST API command

Introducing GenAI Search on NSS