Creating an ONTAP cluster role with minimum privileges

You should create an ONTAP cluster role with minimum privileges so that you do not have to use the ONTAP admin role to perform operations in SnapCenter. You can run several ONTAP CLI commands to create the ONTAP cluster role and assign minimum privileges.


  1. On the storage system, create a role and assign all the permissions to the role.
    security login role create -vserver <cluster_name> -role <role_name> -cmddirname <permission>
    Note: You should repeat this command for each permission.

    For information about the list of permissions, see ONTAP CLI commands for creating roles and assigning permissions.

  2. Create a user and assign the role to that user.
    security login create -user <user_name> -vserver <cluster_name> -application ontapi -authmethod password -role <role_name>
  3. Unlock the user.
    security login unlock -user <user_name> -vserver <cluster_name>
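
The three steps above as a script, added here as an example (not NetApp's own code): it reads a permission list, rejects values that could alter the generated command line, and prints the ONTAP commands in order for review. The names cluster1, sc_role and sc_user and the three sample command directories are constructed; take the real list from the permissions page referenced in step 1.

```shell
#!/bin/sh
# Added example: prints the ONTAP CLI commands for steps 1-3.
# Permissions are read from stdin, one command directory per line.

# Names must be plain tokens: no spaces, quotes or leading '-', so a value
# cannot smuggle in an extra option such as a different -role.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

gen_role_commands() {
    cluster=$1 role=$2 user=$3
    for v in "$cluster" "$role" "$user"; do
        valid_name "$v" || { echo "invalid name: $v" >&2; return 1; }
    done
    while IFS= read -r perm || [ -n "$perm" ]; do
        case "$perm" in ''|'#'*) continue ;; esac   # skip blanks and comments
        # Assumption of this example: a command directory is made of
        # letters, digits and hyphens separated by single spaces.
        words=$(printf '%s' "$perm" | tr -d ' ')
        case "$words" in
            ''|*[!A-Za-z0-9-]*) echo "invalid permission: $perm" >&2; return 1 ;;
        esac
        # Step 1, repeated once per permission; multi-word values are quoted.
        printf 'security login role create -vserver %s -role %s -cmddirname "%s"\n' \
            "$cluster" "$role" "$perm"
    done
    # Step 2: create the user bound to the restricted role.
    printf 'security login create -user %s -vserver %s -application ontapi -authmethod password -role %s\n' \
        "$user" "$cluster" "$role"
    # Step 3: unlock the user.
    printf 'security login unlock -user %s -vserver %s\n' "$user" "$cluster"
}

# Constructed sample list, not the full SnapCenter permission set.
sample_permissions() {
    cat <<'EOF'
# constructed sample
cluster identity show
volume snapshot create
lun show
EOF
}

sample_permissions | gen_role_commands cluster1 sc_role sc_user
```

Review the printed commands before running them on the cluster; a permission line containing anything other than letters, digits, hyphens and spaces stops the script with a non-zero exit.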