#Thanks for the reply it seems first one

The permissions should be the same, unless you're using a custom role.
I would suggest to run na_ontap_debug to help with connection issues:
https://github.com/ansible-collections/netapp.ontap/wiki/Debugging

this is my task with rest info - name: get netapp info
netapp.ontap.na_ontap_rest_info:
hostname: '{{ hostname }}'
username: '{{ username }}'
password: '{{ password }}'
https: true
validate_certs: false
feature_flags:
trace_apis: true
trace_headers: true
gather_subset:
- storage/luns
register: ontap_info_rest

• name: show info
  debug:
  msg: '{{ ontap_info_rest}}' still geting the same error.

this is without rest

• name: get netapp info
  netapp.ontap.na_ontap_info:
  hostname: '{{ hostname }}'
  username: '{{ username }}'
  password: '{{ password }}'
  https: true
  validate_certs: false
  continue_on_error: always
  gather_subset: lun_info
  desired_attributes:
  lun-info:
  serial-number:
  register: ontap_info

• name: show info
  debug:
  msg: '{{ ontap_info.ontap_info }}'

both the time using same user. one works other fails. hence circling back to my question for API do we need more permissions. considering the error says "msg": {
"code": "6691623",
"message": "User is not authorized."

the reason i was planning to use rest module was this warning
TASK [get netapp info] *********************************************************
[WARNING]: The module only supports ZAPI and is deprecated, and will no longer
work with newer versions of ONTAP when ONTAPI is deprecated in CY22-Q4
[WARNING]: netapp.ontap.na_ontap_rest_info should be used instead.
If I can still use ontap_info i m happy to use it

Are you using admin or vsadmin, or some other user?

let me check with my netapp admin what kind of Privilege i have for this user.

i solved it by deploying my own ONTAP Select 9.11.1 in the lab, as the other was a production instance and rightfully the team was not convince to give me more that read access. With this virtual instance i am able to get all the details i need as I am using admin user :).

Yes, we found a limitation in ONTAP 😦 It won't allow a custom vsadmin to read the ONTAP version as it is considered a cluster property. The default vsadmin is OK. We'll add an option to force the version, as a work-around until a new version of ONTAP removes this limitation.

I looked more into this, and there two different error message User is not authorized. and not authorized for that command The latter indicates insufficient permissions to perform an action, while the former indicates an authentication issue. It's a bit puzzling as you're saying the same user works with ZAPI and not with REST.