CLI passthrough REST APIs not working for a user with a custom role
Applies to
- ONTAP 9.6 and later
- Private CLI passthrough REST API
Issue
- A non-admin user is provided a custom role and web access as described in KB Article How to create a custom role with only REST API access.
- Standard REST APIs response is normal.
Example:
[API]:
curl -kX GET https://<cluster-mgmt>/api/cloud/targets?return_records=true&return_timeout=15 -H "accept: application/json" -H "authorization: Basic fwXXXXXXXXXXdf"
[RESPONSE]:
{
"records": [
{
"uuid": "14XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXc8",
"name": "os1"
}
],
"num_records": 1
}
- However, for the same user, the private CLI REST APIs fail with the error:
Example:
[API]:
curl -X GET https://<cluster-mgmt>/api/private/cli/storage/aggregate/object-store?fields=object-store-availability -H "accept: application/json" -H "authorization: Basic fwXXXXXXXXXXdf"
[RESPONSE]:
{
"error": {
"message": "API not found",
"code": "3"
}
}
- REST APIs (Standard and CLI passthrough both) working normally for the admin user.