Skip to main content

Overview

The NetApp Console identity and access management (IAM) service provides a centralized point for managing customer and partner information. IAM endpoints enable you to manage and control access to the Console resources.

If you're using the Console in standard mode, you no longer have a NetApp Console account. Instead, you have an organization in the Console that you manage using IAM.

The following six components are defined within the IAM service.

  • hierarchy

  • permission

  • partnership

  • resource and resourcegroup

  • role

  • user and usergroup

IAM uses predefined roles that include sets of permissions which are required to manage and view data. You can have multiple roles within the same organization or set of resources. You should verify that you have the appropriate permissions when using IAM API endpoints. With the appropriate permissions, you can manage an organization hierarchy modeled as folders (subdivisions of an organization using criteria such as department or region) and projects (a workspace in the Console). After organizing your resources into folders and projects, you can grant granular access to resources by providing organization members with permissions to specific folders and projects.

The actions available through the IAM REST API are a superset of what's available through the web UI.

Note: Before using the API reference documentation, review the Get started section for the Console APIs. For more information about the security tokens and identifiers you'll need when using the API, review the Common workflows and tasks section.


REST implementation

HTTP methods

Method Description

POST

Create an object instance

GET

Retrieve an object instance or collection

PATCH

Update specific fields of an existing resource instance based on the supplied input values

PUT

Update an existing resource instance based on the supplied input values

DELETE

Remove an existing object

Request headers

Request Header Description

Authorization

Required. Contains a JWT access token

Query parameters

You can use query parameters with endpoints in the following components:

Component Query Parameter

Hierarchy

filter, skip, include, orderBy, limit, count, continue, metadata, links

Permission

filter, skip, include, orderBy, limit, count, continue, metadata, links

Resource and resourcegroup

filter, skip, include, orderBy, limit, count, continue, metadata, links

Role

filter, skip, include, orderBy, limit, count, continue, metadata, links

User and usergroup

filter, skip, include, orderBy, limit, count, continue, metadata, links

Response headers

This API uses the standard HTTP response headers common with all APIs in the Console. See REST implementation for more information.

HTTP status codes

HTTP Status Code Description

200

OK: Returned for successful operation completion

201

The resource was successfully created.

204

The operation was completed successfully and the server did not send a response message.

400

Bad Request: Returned if the input is malformed and could not be parsed

401

Unauthorized: Returned if user authentication failed or the token has expired

403

Forbidden: Returned for authorization errors depending on the resource and token


Error handling

The following processes are involved with error handling and processing.

  • The error is logged for supportability

  • The error is also returned to the caller for any specific handling