#Creating Login Role for ONTAP Tools for VMware

Perhaps this is user error, but I am having a dreadful time tying to create an ONTAP Role for ONTAP Tools for VMware vSphere with the na_ontap_user_role module.

If I have two paths that are under the same top level command I receive a duplicate error, such as:

- path: lun geometry
access: readonly
- path: lun igroup add
access: all
- path: lun igroup create
access: all

The Module returns the following error:

"msg": "Error creating role vsc_role: calling: security/roles: got {'message': 'duplicate entry', 'code': '1', 'target': 'privileges[2].path'}."

I've tested this again and again, and the [#] corresponds every time to the first instance of the second command under the same parent. In this case, it is multiple commands under the "lun" parent, but it happens with any paths I try, no matter the parent.

I get the same error with 9.13, didn't see this in 9.12

This happens in cases where the CLI warns "This operation will also affect the following commands". I worked around it by shortening the path. In your example you coud just use:
- path: lun igroup access: all
If that widens the permissions to much, create a seperate entry to block the unwanted subcommands.
- path: lun igroup initiator access: readonly