What permissions are required to add a cluster to AIQUM?

Applies to

Active IQ Unified Manager (AIQUM)

Answer

• To add an ONTAP cluster in AIQUM, you must have the user name and password to access the cluster
  • This account must have the admin role with Application access set to ontapi, ssh, and http
  • Starting with AIQUM  9.11 the account must have Application access to ontapi, console, and http .
    • Domain users cannot be granted console access.
    • Use CLI to add/modify clusters on AIQUM if domain users are needed
  • See adding clusters for more information
• Use the command  security login show to display the current users plus their assigned role and application(s).
  • For simplicity and testing purposes use the default "admin" user seen below

cluster1::> security login show

Vserver: cluster1
                                                                 Second
User/Group                 Authentication                 Acct   Authentication
Name           Application Method        Role Name        Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
admin          console     password      admin            no     none
admin          http        password      admin            no     none
admin          ontapi      password      admin            no     none
admin          service-processor
                           password      admin            no     none
admin          ssh         password      admin            no     none
autosupport    console     password      autosupport      no     none

• From AIQUM 9.14 onwards, amqp permission is also needed to successfully complete REST based collections 

Additional Information

• ActiveIQ Unified Manager returns no results when using the "um run cmd" CLI command
• Parent topic: Unable to add cluster to Active IQ Unified Manager
• RFE 1562518 - Full support for domain users in cluster collections.