REST API reference
Create a cluster-scoped or an SVM-scoped SNMP user
Suggest changes
PDFs
POST /support/snmp/users
Introduced In: 9.7
Creates either a cluster-scoped or an SVM-scoped SNMP user. This user can be an SNMPv1 or SNMPv2c community user or an SNMPv3 user. An SNMPv3 user can be a local SNMPv3 user or a remote SNMPv3 user.
Required properties
-
owner- Name and UUID of owning SVM. -
engine_id- Engine ID of owning SVM or remote switch. -
name- SNMP user name -
authentication_method- Authentication method
Optional properties
-
switch_address- Optional remote switch address -
snmpv3- SNMPv3-specific credentials -
comment- Comment text
Default property values
-
snmpv3.authentication_protocol- none -
snmpv3.privacy_protocol- none
Related ONTAP commands
-
security login create -
system snmp community add
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.
|
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
authentication_method |
string |
Optional authentication method. |
comment |
string |
Optional comment text. |
engine_id |
string |
Optional SNMPv3 engine identifier. For a local SNMP user belonging to the administrative Storage Virtual Machine (SVM), the default value of this parameter is the SNMPv3 engine identifier for the administrative SVM. For a local SNMP user belonging to a data SVM, the default value of this parameter is the SNMPv3 engine identifier for that data SVM. For an SNMPv1/SNMPv2c community, this parameter should not be specified in "POST" method. For a remote switch SNMPv3 user, this parameter specifies the SNMPv3 engine identifier for the remote switch. This parameter can also optionally specify a custom engine identifier. |
name |
string |
SNMP user name. |
owner |
Optional name and UUID of owning Storage Virtual Machine (SVM). |
|
scope |
string |
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
snmpv3 |
Optional parameter that can be specified only for an SNMPv3 user i.e. when 'authentication_method' is either 'usm' or 'both'. This parameter defines the SNMPv3 credentials for an SNMPv3 user. |
|
switch_address |
string |
Optional remote switch address. It can be an IPv4 address or an IPv6 address. A remote switch can be queried over SNMPv3 using ONTAP SNMP client functionality. Querying such a switch requires an SNMPv3 user (remote switch user) to be configured on the switch. Since ONTAP requires remote switch user's SNMPv3 credentials (to query it), this user must be configured in ONTAP as well. This parameter is specified when configuring such a user.
|
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"authentication_method": "usm",
"comment": "This is a comment.",
"engine_id": "80000315055415ab26d4aae811ac4d005056bb792e",
"name": "snmpv3user2",
"owner": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"scope": "svm",
"snmpv3": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"authentication_password": "humTdumt*@t0nAwa11",
"authentication_protocol": "sha2_256",
"privacy_password": "p@**GOandCLCt*200",
"privacy_protocol": "aes128"
},
"switch_address": "10.23.34.45"
}Response
Status: 201, Created| Name | Type | Description |
|---|---|---|
_links |
||
authentication_method |
string |
Optional authentication method. |
comment |
string |
Optional comment text. |
engine_id |
string |
Optional SNMPv3 engine identifier. For a local SNMP user belonging to the administrative Storage Virtual Machine (SVM), the default value of this parameter is the SNMPv3 engine identifier for the administrative SVM. For a local SNMP user belonging to a data SVM, the default value of this parameter is the SNMPv3 engine identifier for that data SVM. For an SNMPv1/SNMPv2c community, this parameter should not be specified in "POST" method. For a remote switch SNMPv3 user, this parameter specifies the SNMPv3 engine identifier for the remote switch. This parameter can also optionally specify a custom engine identifier. |
name |
string |
SNMP user name. |
owner |
Optional name and UUID of owning Storage Virtual Machine (SVM). |
|
scope |
string |
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
snmpv3 |
Optional parameter that can be specified only for an SNMPv3 user i.e. when 'authentication_method' is either 'usm' or 'both'. This parameter defines the SNMPv3 credentials for an SNMPv3 user. |
|
switch_address |
string |
Optional remote switch address. It can be an IPv4 address or an IPv6 address. A remote switch can be queried over SNMPv3 using ONTAP SNMP client functionality. Querying such a switch requires an SNMPv3 user (remote switch user) to be configured on the switch. Since ONTAP requires remote switch user's SNMPv3 credentials (to query it), this user must be configured in ONTAP as well. This parameter is specified when configuring such a user.
|
Example response
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"authentication_method": "usm",
"comment": "This is a comment.",
"engine_id": "80000315055415ab26d4aae811ac4d005056bb792e",
"name": "snmpv3user2",
"owner": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"scope": "svm",
"snmpv3": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"authentication_password": "humTdumt*@t0nAwa11",
"authentication_protocol": "sha2_256",
"privacy_password": "p@**GOandCLCt*200",
"privacy_protocol": "aes128"
},
"switch_address": "10.23.34.45"
}Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
2621475 |
This operation is not allowed on a node SVM. |
2621601 |
This operation is not permitted on a system SVM. |
5636101 |
One role for all applications and authentication methods is recommended for a user account. |
5636106 |
Engine ID starting with first bit set as 1 in first octet should have a minimum of 5 or maximum of 32 octets. |
5636107 |
Engine ID specified is based on an IP address, and must therefore be 9 octets in length. |
5636108 |
Engine ID specified is based on an IPv6 address, and must therefore be 21 octets in length. |
5636109 |
Engine ID specified is based on a MAC address, and must therefore be 11 octets in length. |
5636110 |
Engine ID starting with first bit set as 0 in the first octet needs to be 12 octets in length. |
5636111 |
Engine ID cannot have all zeroes. |
5636112 |
Invalid Engine ID specified. |
5636113 |
Cannot enable SNMP user capability for data SVM. |
5636116 |
Cannot read SNMP user capability for data SVM. |
5636121 |
User account name is reserved for use by the system. |
5636123 |
Cannot create an SNMP user with a role other than readonly, none, or admin. |
5636124 |
Cannot create an SNMP user with a role other than vsadmin-readonly, none, or vsadmin. |
5636126 |
Cannot create a user with the user name, group name, or role "autosupport" because it is reserved by the system. |
5636148 |
Failed to discover SNMPv3 engine ID of remote SNMP agent. |
5636150 |
The switch_address parameter can be specified only for administrative SVMs. |
5636152 |
0.0.0.0 cannot be specified as the IP Address for the switch_address parameter. |
5636153 |
Engine ID is already associated with user. |
5832711 |
The only application permitted for user "diag" is "console." |
7077897 |
Invalid character in username. Valid characters":" A-Z, a-z, 0-9, ".", "_", and "-". Note that the user name cannot start with "-". |
7077898 |
The username must contain both letters and numbers. |
7077899 |
Username does not meet length requirements. |
7077906 |
Cannot use given role with this SVM because a role with that name has not been defined for the SVM. |
9043995 |
Failed to create SNMP community. Reason":" SNMPv1 and SNMPv2c are not supported when cluster FIPS mode is enabled. |
9043999 |
ONTAP failed to create an SNMPv3 user because SNMPv3 is disabled in the cluster. |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
owner
Optional name and UUID of owning Storage Virtual Machine (SVM).
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
snmpv3
Optional parameter that can be specified only for an SNMPv3 user i.e. when 'authentication_method' is either 'usm' or 'both'. This parameter defines the SNMPv3 credentials for an SNMPv3 user.
| Name | Type | Description |
|---|---|---|
_links |
||
authentication_password |
string |
Authentication protocol password. |
authentication_protocol |
string |
Authentication protocol. |
privacy_password |
string |
Privacy protocol password. |
privacy_protocol |
string |
Privacy protocol. |
snmp_user
An SNMP user can be an SNMPv1/SNMPv2c user or an SNMPv3 user. SNMPv1/SNMPv2c user is also called a "community" user. An SNMPv3 user, also called a User-based Security Model (USM) user, can be a local SNMPv3 user or a remote SNMPv3 user. A local SNMPv3 user can be used for querying ONTAP SNMP server over SNMPv3 and/or for sending SNMPv3 traps. The local SNMPv3 user used for sending SNMPv3 traps must be configured with the same authentication and privacy credentials on the traphost receiver as well. A remote SNMPv3 user is also configured on a remote switch and used by ONTAP SNMP client functionality to query the remote switch over SNMPv3. An SNMP user is scoped to its owning Storage Virtual Machine (SVM). Owning SVM could be a data SVM or the administrative SVM.
| Name | Type | Description |
|---|---|---|
_links |
||
authentication_method |
string |
Optional authentication method. |
comment |
string |
Optional comment text. |
engine_id |
string |
Optional SNMPv3 engine identifier. For a local SNMP user belonging to the administrative Storage Virtual Machine (SVM), the default value of this parameter is the SNMPv3 engine identifier for the administrative SVM. For a local SNMP user belonging to a data SVM, the default value of this parameter is the SNMPv3 engine identifier for that data SVM. For an SNMPv1/SNMPv2c community, this parameter should not be specified in "POST" method. For a remote switch SNMPv3 user, this parameter specifies the SNMPv3 engine identifier for the remote switch. This parameter can also optionally specify a custom engine identifier. |
name |
string |
SNMP user name. |
owner |
Optional name and UUID of owning Storage Virtual Machine (SVM). |
|
scope |
string |
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
snmpv3 |
Optional parameter that can be specified only for an SNMPv3 user i.e. when 'authentication_method' is either 'usm' or 'both'. This parameter defines the SNMPv3 credentials for an SNMPv3 user. |
|
switch_address |
string |
Optional remote switch address. It can be an IPv4 address or an IPv6 address. A remote switch can be queried over SNMPv3 using ONTAP SNMP client functionality. Querying such a switch requires an SNMPv3 user (remote switch user) to be configured on the switch. Since ONTAP requires remote switch user's SNMPv3 credentials (to query it), this user must be configured in ONTAP as well. This parameter is specified when configuring such a user.
|
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |