# Privileges needed for Active IQ Unified Manager


cursive matrix

Question regarding adding storage systems to AIQUM

Here (https://docs.netapp.com/us-en/active-iq-unified-manager/storage-mgmt/task_add_clusters.html) and here (https://docs.netapp.com/us-en/active-iq-unified-manager/config/task_add_clusters.html) it says for your local user in ONTAP you need:

  • role: admin
  • application: ontapi, http, CONSOLE

But here (https://kb.netapp.com/Legacy/OnCommand_Suite/How_to_Create_read-only_privileges_user_for_UM_in_ONTAP_9) it says you need:

  • role: admin
  • application: ontapi, http, SSH

--> So what is correct?

Also, is this read-only role still valid for the current version of AIQUM 9.12?

buoyant geode

Console is needed for things like the um cli run commands, but isn't needed for normal monitoring. SSH is also not required for normal monitoring. For older ONTAP versions, it was needed for NDMP restores. It was removed as a requirement in 9.11.

What is required is the admin role when adding the cluster, as UM needs to write some things to the cluster application record and certs. After the initial polling has completed, then you can switch to the read-only account.

The KB you linked for read-only appears to be a rewrite of the original KB. I assume it should be mostly up to date; at most you'd need to hunt down a few APIs to add to the role. I've added a note in the KB to clarify the SSH requirement. I hope this helps.