Skip to main content
NetApp Knowledge Base

Can we elevate the SVM scope custom role to access the cluster scope API "/api/cluster"?

  1. Last updated
  2. Save as PDF
Views:
21
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

ONTAP 9

Answer

We can't give a data SVM role any permissions for the /api/cluster/* endpoints. These endpoints are for cluster-wide roles, which are only recognized for roles managed by the admin SVM. 

Additional Information

Since version 9.11.1, the REST RBAC model allows users to create roles, assign privileges to API paths, and use the /api/cluster permission. However, whether the role is for the entire cluster or a specific data SVM determines which endpoints can be accessed.
Overview of RBAC security with the ONTAP REST API
NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.