REST role not working as expected for /api/storage/lun
Applies to
- ONTAP 9
- REST API
Issue
A user has a specific role set up with access level "all" for the LUN APIs.
cluster::> rest-role show -vserver <vserver_name> -role <role_name>
  (security login rest-role show)
               Role                                Access
Vserver        Name            API                 Level
-------------- --------------- ------------------- --------
<vserver_name> <role_name>     /api                readonly
                               /api/storage/luns   all
Resizing or deleting LUNs as that user fails with "not authorized for that command".
Audit log shows:
Mon Jul 29 2023 13:10:06 +01:00 [kern_audit:info:2465] XXXXXXXXXXXXXXXX :: cluster:http :: X.X.X.X:58318 :: cluster:user :: DELETE /api/storage/luns/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX :: Pending
Mon Jul 29 2023 13:10:06 +01:00 [kern_audit:info:2465] XXXXXXXXXXXXXXXX :: cluster:http :: X.X.X.X:58318 :: cluster:user :: DELETE /api/storage/luns/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX :: Error: not authorized for that command
MGWD log shows:
Mon Jul 29 2023 13:10:06 +01:00 [kern_mgwd:info:3603] XXXXXXXXX: XXXXXXXXXXXXXXXX: ERR: SAN::REST::LUN: src/tables/lun_rest.cc:remove_imp:2626 returning: 0/6 - not authorized for that command
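A triage sketch for audit entries like the ones above, added here as an example and not taken from NetApp documentation or tooling: it parses the " :: "-separated audit format, keeps the final state of each request, and counts authorization denials per user, method and endpoint. The sample lines are constructed from the format on this page (request IDs, addresses, the PATCH and POST entries and the cluster:admin user are made up), and it assumes the Pending and final entries of one request share a request ID.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the audit entries shown on this page
# (request IDs, addresses, users and UUIDs are made up for the example).
SAMPLE = """\
Mon Jul 29 2023 13:10:06 +01:00 [kern_audit:info:2465] 8003e80000000a01 :: cluster:http :: 192.0.2.10:58318 :: cluster:user :: DELETE /api/storage/luns/11111111-2222-3333-4444-555555555555 :: Pending
Mon Jul 29 2023 13:10:06 +01:00 [kern_audit:info:2465] 8003e80000000a01 :: cluster:http :: 192.0.2.10:58318 :: cluster:user :: DELETE /api/storage/luns/11111111-2222-3333-4444-555555555555 :: Error: not authorized for that command
Mon Jul 29 2023 13:11:40 +01:00 [kern_audit:info:2465] 8003e80000000a02 :: cluster:http :: 192.0.2.10:58320 :: cluster:user :: PATCH /api/storage/luns/11111111-2222-3333-4444-555555555555 :: Pending
Mon Jul 29 2023 13:11:40 +01:00 [kern_audit:info:2465] 8003e80000000a02 :: cluster:http :: 192.0.2.10:58320 :: cluster:user :: PATCH /api/storage/luns/11111111-2222-3333-4444-555555555555 :: Error: not authorized for that command
Mon Jul 29 2023 13:12:02 +01:00 [kern_audit:info:2465] 8003e80000000a03 :: cluster:http :: 192.0.2.20:41100 :: cluster:admin :: POST /api/storage/luns :: Pending
Mon Jul 29 2023 13:12:03 +01:00 [kern_audit:info:2465] 8003e80000000a03 :: cluster:http :: 192.0.2.20:41100 :: cluster:admin :: POST /api/storage/luns :: Success
"""

HEAD = re.compile(r"^(?P<ts>.+?) \[(?P<tag>[^\]]+)\] (?P<rid>\S+)$")
UUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def parse(line):
    """Split one audit line into its fields; return None if it does not fit."""
    parts = line.strip().split(" :: ")
    m = HEAD.match(parts[0]) if len(parts) == 6 else None
    if not m:
        return None
    method, _, path = parts[4].partition(" ")
    return {"ts": m["ts"], "rid": m["rid"], "app": parts[1], "src": parts[2],
            "user": parts[3], "method": method, "path": path, "state": parts[5]}

def denied_requests(text):
    """Return HTTP (REST) requests whose final state is an authorization error."""
    final = {}
    for line in text.splitlines():
        e = parse(line)
        if e and e["app"].endswith(":http") and e["state"] != "Pending":
            final[e["rid"]] = e  # last non-Pending entry wins per request ID
    return [e for e in final.values() if "not authorized" in e["state"]]

def summarize(denied):
    """Count denials per (user, method, endpoint) with UUIDs collapsed."""
    return Counter((e["user"], e["method"], UUID.sub("{uuid}", e["path"]))
                   for e in denied)

if __name__ == "__main__":
    for (user, method, path), n in summarize(denied_requests(SAMPLE)).items():
        print(f"{n}x {user} {method} {path}")
```

Grouping by endpoint with the UUID collapsed makes it easy to compare the denied paths against the API column of the rest-role output.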