ONTAP datasource is failing in OCI because of read only role and domain user
Applies to
- OnCommand Insight (OCI) 7.3.x
- ONTAP 9.x datasource
Issue
- ONTAP datasource is failing in OCI
- In
audit-mlog.log
we see errors like:
00000025.01f04081 0e820abe Mon Mar 25 2024 05:03:38 +00:00 [kern_audit:info:2480] 8503ee0002ab6008 :: <clustername>:ontapi :: <management_lif_ip>:56395 :: <clustername>:<domain name>\<domain_user> :: <netapp version='1.0' xmlns='
'="">http://www.netapp.com/filer/admin'><system-cli>
^M <args>^M <arg>node</arg>^M <arg>run</arg>^M <arg><node_name></arg>^M <arg>-command</arg>^M <arg>wrfile</arg>^M <arg>/etc/powershell</arg>^M <arg>;</arg>^M <arg>node</arg>^M <arg>run</arg>^M <arg><node_name></arg>^M <arg>-command</arg>^M <arg>wrfile</arg>^M <arg>-a</arg>^M <arg>/etc/powershell</arg>^M <arg>// File generated by the Data ONTAP PowerShell Toolkit: powershell.usagelog.version=1: powershell.usagelog.lastupdated=1711343017: powershell.cmdlet.CONNECTNCCONTROLLER.count=1: powershell.cmdlet.GETNCNODEINFO.count=181: powershell.cmdlet.GETNCSYSTEMVERSION.count=1: powershell.cmdlet.GETNCLICENSE.count=8: powershell.usagelog.times... :: Pending:
00000025.01f04083 0e820abe Mon Mar 25 2024 05:03:38 +00:00 [kern_audit:info:2480] 8503ee0002ab6008 :: <clustername>:ontapi :: <management_lif_ip>:56395 :: <clustername>:<domain name>\<domain_user> :: system-cli :: Error: Insufficient privileges: user '<domain name>\<domain_user>' does not have write access to this resource