对于/API/storage/LUN、REST角色无法按预期工作

最后更新
另存为PDF

Views:: 4

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core<a>2009年286190</a>

Last Updated:

适用场景

ONTAP 9
REST API

问题描述

用户已 access level : all 为LUN API设置特定角色。
cluster::> rest-role show -vserver <vserver_name> -role <role_name> (security login rest-role show) Role Access Vserver Name API Level ---------- ------------- ------------------- ------ <vserver_name><role_name> /api readonly /api/storage/luns all

使用用户调整LUN大小或删除LUN失败

not authorized for that command.

审核日志 显示：
Mon Jul 29 2023 13:10:06 +01:00 [kern_audit:info:2465] XXXXXXXXXXXXXXXX :: cluster:http :: X.X.X.X:58318 :: cluster:user :: DELETE /api/storage/luns/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX :: Pending Mon Jul 29 2023 13:10:06 +01:00 [kern_audit:info:2465] XXXXXXXXXXXXXXXX :: cluster:http :: X.X.X.X:58318 :: cluster:user :: DELETE /api/storage/luns/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX :: Error: not authorized for that command

M木质日志 显示：
Mon Jul 29 2023 13:10:06 +01:00 [kern_mgwd:info:3603] XXXXXXXXX: XXXXXXXXXXXXXXXX: ERR: SAN::REST::LUN: src/tables/lun_rest.cc:remove_imp:2626 returning: 0/6 - not authorized for that command