I'm building a new ONTAP-based solution, and for the present, I do not intend for it to perform any changes to one's storage environment. I'm still learning the way the API works and I don't have a deep NetApp background (yet!), so bear with me. What I'm looking for and have so far not had luck finding is this: I'd like a simple list of the api-* roles which are READ-ONLY. I want to then give guidance to my customers so that they are comfortable putting something new into their environment that not only does not intend to make changes to the environment, but CANNOT make changes. I started going through API docs and quickly found that there's 100's of roles, and not all of them are obvious as to whether they grant write access or not.
In case it helps, the scope of what I'm doing can simply be summarized as "performance data collection".