
SRM: Permissions needed to monitor NetApp Filers and gather data



This article lists the permissions that Storage Resource Monitor needs to monitor and gather data from NetApp filers. NetApp calls the individual permissions to execute API calls "capabilities." Any user account used for monitoring must be assigned a role with all the required API capabilities.


Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.





Required API capabilities

The following API capabilities are required for 7-Mode, versions 7.x and higher:

  • api-aggr-list-info
  • api-cifs-share-list-iter-end
  • api-cifs-share-list-iter-next
  • api-cifs-share-list-iter-start
  • api-diagnosis-status-get
  • api-disk-list-info
  • api-fcp-adapter-list-info
  • api-fcp-node-get-name
  • api-iscsi-node-get-name
  • api-license-list-info
  • api-license-v2-list-info
  • api-lun-list-info
  • api-lun-map-list-info
  • api-lun-get-occupied-size
  • api-nfs-exportfs-list-rules
  • api-nfs-exportfs-list-rules-2
  • api-options-list-info
  • api-perf-object-get-instances
  • api-quota-report
  • api-quota-report-iter-end
  • api-quota-report-iter-next
  • api-quota-report-iter-start
  • api-snapshot-list-info
  • api-system-get-info
  • api-system-get-version
  • api-vfiler-get-status
  • api-vfiler-list-info
  • api-volume-list-info
  • login-http-admin
  • api-perf-object-get-instances-iter-end
  • api-perf-object-get-instances-iter-next
  • api-perf-object-get-instances-iter-start
  • security-api-vfiler

The following additional API capabilities are required for versions 8.x:

  • api-nfs-exportfs-list-rules-2
  • api-license-v2-list-info
  • api-diagnosis-status-get

Log in to the NetApp CLI and use the following procedure to create a read-only user with sufficient privileges for monitoring the device in SRM.

Required steps summary

  1. Create a monitoring group.
  2. Create a monitoring user and assign it to the monitoring group created in step 1.
  3. Create a role that has all of the required capabilities assigned to it. The list of capabilities is specific to the version of NetApp being used.
  4. Assign the role to the group created in step 1.

Steps in detail

  1. Creating the group:

You can use an existing group, or create a new group using the following command:

useradmin group add [group_name]

For example:

lan-netappv82> useradmin group add srmgroup

Group added.

lan-netappv82> Tue Dec 9 22:37:52 GMT [lan-netappv82:useradmin.added.deleted:info]: The group 'srmgroup' has been added.

  2. Creating the monitoring user:

You can use an existing user or create a new one. The user will be read-only and used for monitoring. You can create a new user by using the following command:

useradmin user add [user_name] -g [group_name]

For example:

lan-netappv82> useradmin user add srmuser -g srmgroup

New password:

Retype new password:

User added.

lan-netappv82> Tue Dec 9 22:38:27 GMT [lan-netappv82:useradmin.added.deleted:info]: The user 'srmuser' has been added.

  3. Creating a role and assigning it all required API capabilities:

The set of capabilities is version specific. If you do not know the version of your device, type "version" to display it. Use the following command to create a new role and assign it all capabilities:

useradmin role add [rolename] -a [list_of_capabilities]

For example, for versions 7.3.x:

useradmin role add srmrole -a api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,api-cifs-share-list-iter-start,api-disk-list-info,api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,api-lun-list-info,api-lun-map-list-info,api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-options-list-info,api-perf-object-get-instances,api-quota-report,api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,api-snapshot-list-info,api-system-get-info,api-system-get-version,api-vfiler-get-status,api-vfiler-list-info,api-volume-list-info,login-http-admin,api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,api-perf-object-get-instances-iter-start,security-api-vfiler

Role will be created successfully.

For example, for versions 8.x or above:

useradmin role add srmrole -a api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,api-cifs-share-list-iter-start,api-diagnosis-status-get,api-disk-list-info,api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,api-license-v2-list-info,api-lun-list-info,api-lun-map-list-info,api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-nfs-exportfs-list-rules-2,api-options-list-info,api-perf-object-get-instances,api-quota-report,api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,api-snapshot-list-info,api-system-get-info,api-system-get-version,api-vfiler-list-info,api-vfiler-get-status,api-volume-list-info,login-http-admin,api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,api-perf-object-get-instances-iter-start,security-api-vfiler

Role will be created successfully.

To modify an existing role and add a new capability use the following command:

useradmin role modify [role] -a [capability_to_add]

For example:

useradmin role modify srmrole -a api-diagnosis-status-get

Role modified.

Invalid capabilities:

api-cifs-share-list Could not add role [roletest]. Error: Invalid capability

To resolve this error, remove the invalid capability "api-cifs-share-list" and rerun the command to create the role.

To list the roles and allowed capabilities assigned to a group, use the following command:

useradmin group list [group_name]

For example:

useradmin group list srmgroup

Name: srmgroup


Rid: 131073

Roles: srmrole

Allowed Capabilities: api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,api-cifs-share-list-iter-start,api-disk-list-info,api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,api-license-v2-list-info,api-lun-list-info,api-lun-map-list-info,api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-options-list-info,api-perf-object-get-instances,api-quota-report,api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,api-system-get-info,api-system-get-version,api-vfiler-list-info,api-volume-list-info,login-http-admin,api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,api-perf-object-get-instances-iter-start,security-api-vfiler

  4. Assign the created role to an existing group

To assign the role to an existing group, use the following command:

useradmin group modify [group_name] -r [role_name]

For example:

useradmin group modify srmgroup -r srmrole

Group modified.

lan-netappv82> Tue Dec 9 22:39:51 GMT [lan-netappv82:useradmin.added.deleted:info]: The group 'srmgroup' has been modified.
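
Once the role is assigned, the group's effective capabilities can be checked against the required list so the monitoring account has neither too few nor too many. The following is an added example, not SolarWinds or NetApp code: it parses "useradmin group list" output and reports which capabilities from this article's 8.x list are missing and which grants go beyond it. The sample outputs are constructed, and wildcard entries are assumed to appear in the output as typed.

```python
from fnmatch import fnmatchcase

# Baseline: capability list copied from this article's 8.x "useradmin role add" example.
REQUIRED_8X = frozenset((
    "api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,"
    "api-cifs-share-list-iter-start,api-diagnosis-status-get,api-disk-list-info,"
    "api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,"
    "api-license-v2-list-info,api-lun-list-info,api-lun-map-list-info,"
    "api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-nfs-exportfs-list-rules-2,"
    "api-options-list-info,api-perf-object-get-instances,api-quota-report,"
    "api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,"
    "api-snapshot-list-info,api-system-get-info,api-system-get-version,"
    "api-vfiler-list-info,api-vfiler-get-status,api-volume-list-info,login-http-admin,"
    "api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,"
    "api-perf-object-get-instances-iter-start,security-api-vfiler"
).split(","))


def granted_capabilities(output):
    """Extract the "Allowed Capabilities" entries from group-list output."""
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Allowed Capabilities":
            return {c.strip() for c in value.split(",") if c.strip()}
    return set()


def audit_capabilities(output, required=REQUIRED_8X):
    """Return (missing, excess): what SRM needs but lacks, and grants beyond that."""
    granted = granted_capabilities(output)
    # Wildcard grants (assumed to be listed as typed, e.g. "api-*") cover by pattern.
    missing = {r for r in required if not any(fnmatchcase(r, g) for g in granted)}
    return missing, granted - required


HEADER = "Name: srmgroup\nRid: 131073\nRoles: srmrole\nAllowed Capabilities: "
# Constructed sample mirroring the article's output, which lacks these four entries.
ABSENT = {"api-diagnosis-status-get", "api-nfs-exportfs-list-rules-2",
          "api-snapshot-list-info", "api-vfiler-get-status"}
PAGE_LIKE = HEADER + ",".join(sorted(REQUIRED_8X - ABSENT))
# Constructed sample: role granted by wildcard rather than by named capability.
WILDCARD = HEADER + "login-http-admin,api-*,security-api-vfiler"

if __name__ == "__main__":
    for name, text in (("page-like", PAGE_LIKE), ("wildcard", WILDCARD)):
        print(name, *map(sorted, audit_capabilities(text)))
```

A non-empty first set means the role does not yet satisfy the 8.x list; a non-empty second set is privilege the read-only monitoring account does not need.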



