Configuring access to web services

Configuring access to web services allows authorized users to use HTTP or HTTPS to access the service content on the cluster or a storage virtual machine (SVM).

Steps

  1. If a firewall is enabled, ensure that HTTP or HTTPS access is set up in the firewall policy for the LIF that will be used for web services:
    Note: You can check whether a firewall is enabled by using the system services firewall show command.
    1. To verify that HTTP or HTTPS is set up in the firewall policy, use the system services firewall policy show command.
      You set the -service parameter of the system services firewall policy create command to http or https to enable the policy to support web access.
    2. To verify that the firewall policy supporting HTTP or HTTPS is associated with the LIF that provides web services, use the network interface show command with the -firewall-policy parameter.
      You use the network interface modify command with the -firewall-policy parameter to put the firewall policy into effect for a LIF.
  2. To configure the cluster-level web protocol engine and make web service content accessible, use the system services web modify command.
  3. If you plan to use secure web services (HTTPS), enable SSL and provide digital certificate information for the cluster or SVM by using the security ssl modify command.
  4. To enable a web service for the cluster or SVM, use the vserver services web modify command.
    You must repeat this step for each service that you want to enable for the cluster or SVM.
  5. To authorize a role to access web services on the cluster or SVM, use the vserver services web access create command.
    The role that you grant access must already exist. You can display existing roles by using the security login role show command or create new roles by using the security login role create command.
  6. For a role that has been authorized to access a web service, ensure that its users are also configured with the correct access method by checking the output of the security login show command.
    To access the ONTAP API web service (ontapi), a user must be configured with the ontapi access method. To access all other web services, a user must be configured with the http access method.
    Note: You use the security login create command to add an access method for a user.