Does anyone have a definitive list of the APIs that need to be granted to allow read-only access from powershell? We're trying to automate reporting, but we need to ensure there is no possibility of the script changing anything.
If you want to prevent read-access to iSCSI accounts and passwords, you could set up one PS script to run as User A, and save output to a folder owned by User B, that way you can control what info is accesseed through User A, and User B could be normal staff without access to sensitive data.
The first response to your question appears to be based on NetApp Solidfire? Could you please specify what systems you are trying to automate reporting for? If you want to automate reporting for Clustered DATA ONTAP then it would make more sense create a read-only database user in OCUM used for querying to the information that OCUM has already discovered about the clusters in your environment rather than invoke API's to query the clusters directly.
If you want to automate reporting for Clustered Data ONTAP systems then the following may be of interest to you:
One option to consider (that actually relates to solidfire ) and assuming you have WFA in your environment would be to add the solidfire system (or systems) to WFA using this pack from the automation store:
Once the solidfire system\systems are aquired by the WFA datasource the configuration of your systems will reside in the "solidfire" database on the WFA server which you could query as a read only user. This way you wouldn't need to provide any API access directly to the solidfire systems directly for reporting purposes although the solidfire credentials to acquire the datasource would need to be configured within WFA.
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.