- ActiveIQ Unified Manager (AIQ UM)
- OnCommand Unified Manager (OCUM)
- ONTAP 9
Per the Adding Clusters section in the AIQ UM documentation, this account information is required:
- ONTAP administrator user name and password
This account must have the admin role, with Application access set to ontapi, console, ssh and http.
To clarify, the 'admin' account is not required, but the user that is specified does require the admin role for the specified applications.
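One way to check an account against this requirement before adding the cluster is sketched below. It is an added example, not NetApp code: the account names `um_svc` and `um_ro` are hypothetical, and the sample text is constructed to resemble `security login show` output, so the column layout is an assumption.

```python
import re

# Applications the AIQ UM documentation requires, each with the admin role.
REQUIRED_APPS = {"ontapi", "console", "ssh", "http"}
REQUIRED_ROLE = "admin"

# Constructed sample modelled on `security login show` output. Account names
# and the exact column layout are assumptions, not output from a real cluster.
SAMPLE = """\
Vserver: cluster1
User/Group                 Authentication                 Acct
Name           Application Method        Role Name        Locked
-------------- ----------- ------------- ---------------- ------
um_svc         console     password      admin            no
um_svc         http        password      admin            no
um_svc         ontapi      password      admin            no
um_svc         service-processor
                           password      admin            no
um_svc         ssh         password      admin            no
um_ro          http        password      readonly         no
um_ro          ssh         password      admin            no
"""

def parse_logins(text):
    """Return (user, application, role) tuples from the table rows."""
    rows, pending, in_table = [], [], False
    for line in text.splitlines():
        if "-" in line and re.fullmatch(r"[-\s]+", line):
            in_table, pending = True, []      # separator: data rows follow
        elif not line.strip() or line.startswith("Vserver:"):
            in_table = False                  # next block's header follows
        elif in_table:
            fields, pending = pending + line.split(), []
            if len(fields) < 4:               # long value wrapped the row
                pending = fields
                continue
            rows.append((fields[0], fields[1], fields[3]))
    return rows

def check_account(rows, user):
    """Compare one account's entries with the documented requirement."""
    roles = {app: role for u, app, role in rows if u == user}
    missing = sorted(REQUIRED_APPS - set(roles))
    wrong = {a: r for a, r in sorted(roles.items())
             if a in REQUIRED_APPS and r != REQUIRED_ROLE}
    extra = sorted(set(roles) - REQUIRED_APPS)  # access beyond the four apps
    return {"ok": not missing and not wrong, "missing": missing,
            "wrong_role": wrong, "extra": extra}
```

Calling `check_account(parse_logins(SAMPLE), "um_ro")` reports the missing applications and the non-admin role; the `extra` list is informational and does not affect `ok`.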
If you tried to assign a read-only role to a user for monitoring, it would break AIQ UM's ability to execute anything on the cluster:
- Data Protection
- EMS Subscriptions
- Registering UM with the cluster
- Performance polling
Because limiting the scope of the ONTAP account used in AIQ UM is known to break functionality between AIQ UM and the cluster, configuring a user with a role other than admin is not supported by NetApp Technical Support at this time.
If the functionality is not required, a custom read-only user may be used after the cluster has been added to AIQ UM. Because AIQ UM registers itself in multiple places during the cluster add process, it is not possible to bypass this requirement until after the cluster has been added and the initial polling has been completed.
See KB ActiveIQ Unified Manager read-only account privileges for clustered Data ONTAP for more information on creating the read-only user.
A Request For Enhancement (RFE) has been submitted to NetApp Engineering to provide an option to limit the required roles and privileges needed for AIQ UM to monitor the cluster. This request is tracked via Bug 1016366.