Submit a ticketCall us

whitepaperYour VM Perplexities Called, and They Need You to Read This.

Virtualization can give you enormous flexibility with future workloads and can be a key enabler for other areas, like cloud computing and disaster recovery. So, how can you get a handle on the performance challenges in your virtual environment and manage deployments without erasing the potential upside? Learn the four key areas you need to be focusing on to help deliver a healthy and well-performing data center.

Get your free white paper.

Home > Success Center > Storage Resource Monitor (SRM) > SRM - Knowledgebase Articles > What NetApp API permissions are required by Storage Resource Monitor

What NetApp API permissions are required by Storage Resource Monitor

Table of contents
No headers
Created by Interspire Import, last modified by Nigel on Dec 20, 2018

Views: 1,752 Votes: 0 Revisions: 6

The following permissions are needed for Storage Resource Monitor to gather data:

7 Mode

  • api-aggr-list-info
  • api-cifs-share-list-iter-end
  • api-cifs-share-list-iter-next
  • api-cifs-share-list-iter-start
  • api-diagnosis-status-get
  • api-disk-list-info
  • api-fcp-adapter-list-info
  • api-fcp-node-get-name
  • api-iscsi-node-get-name
  • api-license-list-info
  • api-license-v2-list-info - only for versions 8.x
  • api-lun-list-info
  • api-lun-map-list-info
  • api-lun-get-occupied-size
  • api-nfs-exportfs-list-rules
  • api-nfs-exportfs-list-rules-2
  • api-options-list-info
  • api-perf-object-get-instances
  • api-quota-report
  • api-quota-report-iter-end
  • api-quota-report-iter-next
  • api-quota-report-iter-start
  • api-snapshot-list-info
  • api-system-get-info
  • api-system-get-version
  • api-vfiler-get-status
  • api-vfiler-list-info
  • api-volume-list-info
  • login-http-admin
  • api-perf-object-get-instances-iter-end
  • api-perf-object-get-instances-iter-next
  • api-perf-object-get-instances-iter-start
  • security-api-vfiler


Login to NetApp CLI and follow these steps to create a read-only user with sufficient privileges for monitoring the device in SRM:

 

  1. useradmin group add <group/>
    • Group will be created successfully.
  2. useradmin user add <username> -g <group>
    </group></username>
    • The user will be created successfully.
  3. Create a role with required access.
    • Note: When mistyping a capability name or a specific api that is not supported by that version of OnTap, an error will be displayed when trying to create the role. For example, if your version of OnTap does not support "api-cifs-share-list", "api-nfs-exportfs-list-rules-v2", or "api-diagnosis-status-get" then you will receive an error message stating " Invalid capabilities: api-cifs-share-list,api-nfs-exportfs-list-rules-v2,api-diagnosis-status-get Could not add role [roletest]. Error: Invalid capability" To resolve this error, remove the invalid capabilities "api-cifs-share-list", "api-nfs-exportfs-list-rules-v2" and "api-diagnosis-status-get" and rerun the command to create the role.
    • Note: To add a required api to the role, use the command "useradmin role modify <rolename>-a api-diagnosis-status-get Role <rolename>modified" </rolename></rolename>
    • For Versions 7.3.x:
      useradmin role add [roletest] -a api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,api-cifs-share-list-iter-start,api-disk-list-info,api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,api-lun-list-info,api-lun-map-list-info,api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-options-list-info,api-perf-object-get-instances,api-quota-report,api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,api-snapshot-list-info,api-system-get-info,api-system-get-version,api-vfiler-get-status,api-vfiler-list-info,api-volume-list-info,login-http-admin,api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,api-perf-object-get-instances-iter-start,security-api-vfiler
    • For versions 8.x or above:
      useradmin role add [rolename] -a api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,api-cifs-share-list-iter-start,api-diagnosis-status-get,api-disk-list-info,api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,api-license-v2-list-info,api-lun-list-info,api-lun-map-list-info,api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-nfs-exportfs-list-rules-2,api-options-list-info,api-perf-object-get-instances,api-quota-report,api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,api-snapshot-list-info,api-system-get-info,api-system-get-version,api-vfiler-list-info,api-vfiler-get-status,api-volume-list-info,login-http-admin,api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,api-perf-object-get-instances-iter-start,security-api-vfiler
  4. Modify an existing role.
    • The "group name" will be assigned with the "role name" using the command "useradmin group modify".

    For example: 

    lan-netappv82> useradmin group add srmgroup
    Group <srmgroup> added.
    lan-netappv82> Tue Dec 9 22:37:52 GMT [lan-netappv82:useradmin.added.deleted:info]: The group 'srmgroup' has been added.</srmgroup>

    lan-netappv82> useradmin user add srmuser -g srmgroup
    New password:
    Retype new password:
    User <srmuser> added.
    lan-netappv82> Tue Dec 9 22:38:27 GMT [lan-netappv82:useradmin.added.deleted:info]: The user 'srmuser' has been added.</srmuser>

    lan-netappv82> useradmin role add srmrole -a api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,api-cifs-share-list-iter-start,api-disk-list-info,api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,api-license-v2-list-info,api-lun-list-info,api-lun-map-list-info,api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-options-list-info,api-perf-object-get-instances,api-quota-report,api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,api-system-get-info,api-system-get-version,api-vfiler-list-info,api-volume-list-info,login-http-admin,api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,api-perf-object-get-instances-iter-start,security-api-vfiler
    Role <srmrole> added.
    lan-netappv82> Tue Dec 9 22:39:21 GMT [lan-netappv82:useradmin.added.deleted:info]: The role 'srmrole' has been added.</srmrole>

    lan-netappv82> useradmin group modify srmgroup -r srmrole
    Group <srmgroup> modified.
    lan-netappv82> Tue Dec 9 22:39:51 GMT [lan-netappv82:useradmin.added.deleted:info]: The group 'srmgroup' has been modified.</srmgroup>

    lan-netappv82> useradmin group list srmgroup
    Name: srmgroup
    Info:
    Rid: 131073
    Roles: srmrole
    Allowed Capabilities: api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,api-cifs-share-list-iter-start,api-disk-list-info,api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,api-license-v2-list-info,api-lun-list-info,api-lun-map-list-info,api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-options-list-info,api-perf-object-get-instances,api-quota-report,api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,api-system-get-info,api-system-get-version,api-vfiler-list-info,api-volume-list-info,login-http-admin,api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,api-perf-object-get-instances-iter-start,security-api-vfiler

  5. Viewing roles associated to a group.
    • To view roles associated to a group, use the command "useradmin group list [group name]".
Last modified

Tags

Classifications

Public