I have a ZAPI script that makes one call to 'snapmirror-update' so that a client can trigger a snapmirror after their data is written. One permission is granted through security login role: 'snapmirror update -destination-path SVMNAME:VOLUMENAME' with access all.
In trying to convert this to REST using the Python client library, additional permissions were added:
- 'snapmirror show -destination-path SVMNAME:VOLUMENAME' with access readonly (which also granted 'snapmirror create')
- 'job show' with access readonly
The script is effectively:
config.CONNECTION = HostConnection(connect, username=user, password=password, verify=verify)
However, when the post is issued, it fails with:
HTTPError('403 Client Error: Forbidden for url: https://filer:443/api/snapmirror/relationships/e8b27bcf-8bee-11eb-94d0-00a098aad316/transfers',): not authorized for that command
If I change 'snapmirror show' from readonly access to all access, it works, but that introduces privilege concerns since that now allows the user to create snapmirror relationships.
Any ideas what I'm missing here?