Skip to main content

security

Contributors
Suggest changes

security-config-get

GET /api/security

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

cluster-security-config-ready

No REST Equivalent

interface

No REST Equivalent

This was required in ONTAPI but only allowed a single valid value. Not exposed in the REST API.

is-fips-enabled

fips.enabled

supported-ciphers

No REST Equivalent

This was optional in ONTAPI but is now deprecated in favor of supported-cipher-suites. Not exposed in the REST API.

supported-cipher-suites

tls.cipher_suites

supported-protocols

tls.protocol_versions

interface

No REST Equivalent

This was required in ONTAPI but only allowed a single valid value. Not exposed in the REST API.

security-config-modify

PATCH /api/security

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

interface

No REST Equivalent

This was required in ONTAPI but only allowed a single valid value. Not exposed in the REST API.

is-fips-enabled

fips.enabled

supported-ciphers

No REST Equivalent

This was optional in ONTAPI but is now deprecated in favor of supported-cipher-suites. Not exposed in the REST API.

supported-cipher-suites

tls.cipher_suites

supported-protocols

tls.protocol_versions

security-config-ocsp-disable

Note: Use the advanced "security config ocsp disable" command.

This ONTAPI call does not have an equivalent REST API call.

security-config-ocsp-enable

Note: Use the advanced "security config ocsp enable" command.

This ONTAPI call does not have an equivalent REST API call.

security-config-ocsp-get-iter

Note: Use the advanced "security config ocsp show" command.

This ONTAPI call does not have an equivalent REST API call.

security-last-login-info

This ONTAPI call does not have an equivalent REST API call.

security-login-create

POST /api/security/accounts

Note: You cannot create SNMP users by using this endpoint. To create SNMP users, use the POST /api/support/snmp/users REST API endpoint.

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

application

applications.application

authentication-method

applications.authentication_methods

comment

comment

is-ns-switch-group

No REST Equivalent

is-password-hashed

No REST Equivalent

password

password

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

second-authentication-method

applications.second_authentication_method

snmpv3-login-info

No REST Equivalent

SNMP (including SNMPv3) users are managed by the "/api/support/snmp/users" REST API endpoint.

user-name

name

name is specified as a path parameter.

vserver

owner.name

Can also use owner.uuid

security-login-delete

DELETE /api/security/accounts/{owner.uuid}/{name}

Note: The /api/security/accounts/\{owner.uuid\}/{name} REST API endpoint deletes all the entries for the user account, that is, it deletes entries for all applications and all authentication methods corresponding to the user account. You cannot delete SNMP users by using this endpoint. To delete SNMP users, use the DELETE /api/support/snmp/users/{engine-id}/{name} REST API endpoint.

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

application

applications.application

authentication-method

applications.authentication_methods

remote-switch-ipaddress

No REST Equivalent

user-name

name

name is specified as a path parameter.

vserver

owner.uuid

owner.uuid is specified as a path parameter.

security-login-delete-iter

DELETE /api/security/accounts

Note: You cannot delete SNMP users by using this endpoint. To delete a set of SNMP users, use the DELETE /api/support/snmp/users REST API collection.

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

continue-on-failure

No REST Equivalent

max-failure-count

No REST Equivalent

max-records

max_records

Specifies the maximum number of records to return before paging.

application

applications.application

authentication-method

applications.authentication_methods

comment

comment

is-locked

locked

is-ns-switch-group

No REST Equivalent

password-hash-algorithm

password_hash_algorithm

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

second-authentication-method

applications.second_authentication_method

user-name

name

vserver

owner.name

Can also specify "owner.uuid"

return-failure-list

No REST Equivalent

return-success-list

No REST Equivalent

security-login-expire-password

This ONTAPI call does not have an equivalent REST API call.

security-login-expire-password-iter

This ONTAPI call does not have an equivalent REST API call.

security-login-get

GET /api/security/accounts/{owner.uuid}/{name}

Note: You cannot retrieve SNMP users by using this endpoint. To retrieve SNMP users, use GET /api/support/snmp/users/{engine_id}/{name} REST API call.

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

application

applications.application

authentication-method

applications.authentication_methods

comment

comment

is-locked

locked

is-ns-switch-group

No REST Equivalent

password-hash-algorithm

password_hash_algorithm

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

second-authentication-method

applications.second_authentication_method

user-name

name

name is specified as a path parameter.

vserver

owner.uuid

owner.uuid is specified as a path parameter.

security-login-get-iter

GET /api/security/accounts

Note: You cannot retrieve SNMP users by using this endpoint. To retrieve a set of SNMP users, use the GET /api/support/snmp/users REST API collection.

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

application

applications.application

authentication-method

applications.authentication_methods

comment

comment

is-locked

locked

is-ns-switch-group

No REST Equivalent

password-hash-algorithm

password_hash_algorithm

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

second-authentication-method

applications.second_authentication_method

user-name

name

vserver

owner.name

Can also use "owner.uuid"

max-records

max_records

Specifies the maximum number of records to return before paging.

security-login-lock

PATCH /api/security/accounts/{owner.uuid}/{name}

Note: Set the "locked" REST API attribute to "true".

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

user-name

name

name is specified as a path parameter.

vserver

owner.uuid

owner.uuid is specified as a path parameter.

security-login-modify

PATCH /api/security/accounts/{owner.uuid}/{name}

Note: You cannot modify SNMP users by using this endpoint. To modify SNMP users, use the PATCH /api/support/snmp/users/{engine_id}/{name} REST API call.

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

application

applications.application

authentication-method

applications.authentication_methods

comment

comment

is-ns-switch-group

No REST Equivalent

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

second-authentication-method

applications.second_authentication_method

user-name

name

name is specified as a path parameter.

vserver

owner.uuid

owner.uuid is specified as a path parameter.

security-login-modify-iter

PATCH /api/security/accounts

Note: Update SNMP users by using the /api/support/snmp/users REST API endpoint.

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

application

applications.application

Can specify as a query parameter.

authentication-method

applications.authentication_methods

Can specify as a query parameter.

comment

comment

Must specify in the PATCH body.

is-locked

locked

Must specify in the PATCH body.

is-ns-switch-group

No REST Equivalent

password-hash-algorithm

No REST Equivalent

remote-switch-ipaddress

No REST Equivalent

role-name

role.name

Must specify in the PATCH body.

second-authentication-method

applications.second_authentication_method

user-name

name

Must specify as a query parameter.

vserver

owner.name

Can also use owner.uuid.

continue-on-failure

No REST Equivalent

max-failure-count

No REST Equivalent

max-records

max_records

Specifies the maximum number of records to return before paging.

return-failure-list

No REST Equivalent

return-success-list

No REST Equivalent

security-login-modify-password

POST /api/security/authentication/password

Note: In the REST API, specify owner.name, that is, the SVM name or owner.uuid (SVM UUID REST API attributes in the body of a POST request) to specify the SVM to which the user belongs. If you do not specify owner.uuid or owner.name, the SVM is selected based on the LIF or IP address to which the REST API is issued.

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

is-password-hashed

No REST Equivalent

new-password

password

password-hash-algorithm

password_hash_algorithm

user-name

name

security-login-role-config-get

This ONTAPI call does not have an equivalent REST API call.

security-login-role-config-get-iter

This ONTAPI call does not have an equivalent REST API call.

security-login-role-config-modify

This ONTAPI call does not have an equivalent REST API call.

security-login-role-config-modify-iter

This ONTAPI call does not have an equivalent REST API call.

security-login-role-create

POST /api/security/roles

Note: You can use the POST method of the /security/roles endpoint to create a new legacy role.

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

access-level

privileges.access

command-directory-name

privileges.path

return-record

No REST Equivalent

role-name

name

role-query

privileges.query

vserver

owner.name

security-login-role-delete

DELETE /api/security/roles/{owner.uuid}/{name}/privileges/{path}

Note: Use DELETE method on /api/security/roles/{owner.uuid}/{name}/privileges/{path} endpoint to delete a command or command directory entry for a legacy role.

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

command-directory-name

privileges.path

role-name

name

vserver

owner.name

security-login-role-delete-iter

This ONTAPI call does not have an equivalent REST API call.

security-login-role-get

GET /api/security/roles/{owner.uuid}/{name}/privileges/{path}

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

command-directory-name

privileges.path

access-level

privileges.access

role-name

name

role-query

privileges.query

vserver

owner.name

security-login-role-get-iter

GET /api/security/roles

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

access-level

privileges.access

command-directory-name

privileges.path

role-name

name

role-query

privileges.query

vserver

owner.name

max-records

No REST Equivalent

security-login-role-modify

PATCH /api/security/roles/{owner.uuid}/{name}/privileges/{path}

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

access-level

privileges.access

command-directory-name

privileges.path

role-name

name

role-query

privileges.query

vserver

owner.name

security-login-role-modify-iter

This ONTAPI call does not have an equivalent REST API call.

security-login-unlock

PATCH /api/security/accounts/{owner.uuid}/{name}

Note: Set the locked REST API attribute to false.

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

user-name

name

name is specified as a path parameter.

vserver

owner.uuid

owner.uuid is a path parameter.

security-login-whoami

This ONTAPI call does not have an equivalent REST API call.

security-protocol-get

GET /api/security

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

application

management_protocols

To retrieve RSH and Telnet protocols, use the /api/security?fields=management_protocols REST API call.

enabled

management_protocols

To retrieve RSH and Telnet protocol statuses, use the fields management_protocols.rsh_enabled and management_protocols.telnet_enabled.

security-protocol-modify

PATCH /api/security

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

application

management_protocols

enabled

management_protocols

To modify RSH and Telnet protocols, use the parameters rsh_enabled and telnet_enabled.

security-protocol-ssh-get

GET /api/security/ssh

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

connections-per-second

connections_per_second

max-instances

max_instances

per-source-limit

per_source_limit

security-protocol-ssh-modify

PATCH /api/security/ssh

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

connections-per-second

connections_per_second

max-instances

max_instances

per-source-limit

per_source_limit

security-reset

This ONTAPI call does not have an equivalent REST API call.

security-saml-sp-create-async

POST /api/security/authentication/cluster/saml-sp

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

cert-ca

certificate.ca

cert-common-name

certificate.common_name

cert-serial

certificate.serial_number

idp-uri

idp_uri

sp-host

host

verify-metadata-server

verify_metadata_server

security-saml-sp-destroy

DELETE /api/security/authentication/cluster/saml-sp

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

There are no attributes defined for this ONTAPI call.

security-saml-sp-get

GET /api/security/authentication/cluster/saml-sp

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

cert-ca

certificate.ca

cert-common-name

certificate.common_name

cert-serial

certificate.serial_number

idp-uri

idp_uri

is-enabled

enabled

sp-host

host

verify-metadata-server

verify_metadata_server

security-saml-sp-modify

PATCH /api/security/authentication/cluster/saml-sp

Usage: This ONTAPI call cannot be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

is-enabled

enabled

security-saml-sp-repair

This ONTAPI call does not have an equivalent REST API call.

security-saml-sp-status-get-iter

This ONTAPI call does not have an equivalent REST API call.

security-security-login-password-prepare-to-downgrade

Note: This is an unsupported ZAPI. Hence it is not exposed through a REST API.

This ONTAPI call does not have an equivalent REST API call.

security-ssh-add

PATCH /api/security/ssh/svms/{svm.uuid}

Note: To use the functionality of security-ssh-add for "Administrative SVM", use the PATCH /api/security/ssh REST API call.

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

ciphers

ciphers

key-exchange-algorithms

key_exchange_algorithms

mac-algorithms

mac_algorithms

vserver

svm.uuid

svm.uuid is specified as a path parameter.The vserver parameter defaults to Administrative SVM for /api/security/ssh REST API.

security-ssh-get-iter

GET /api/security/ssh/svms

Note: To use the functionality of security-ssh-get-iter for "Administrative SVM", use GET on /api/security/ssh REST API call

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

ciphers

ciphers

key-exchange-algorithms

key_exchange_algorithms

mac-algorithms

mac_algorithms

max-authentication-retry-count

max_authentication_retry_count

vserver-name

svm.name

Vserver parameter defaults to "Administrative SVM" in the REST API /api/security/ssh.

max-records

max_records

Specifies the maximum number of records to return before paging.

security-ssh-remove

PATCH /api/security/ssh/svms/{svm.uuid}

Note: To use the functionality of security-ssh-remove for "Administrative SVM", use the PATCH /api/security/ssh REST API call.

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

ciphers

ciphers

key-exchange-algorithms

key_exchange_algorithms

mac-algorithms

mac_algorithms

vserver

svm.uuid

svm.uuid is specified as a path parameter.The vserver parameter defaults to Administrative SVM for /api/security/ssh REST API.

security-ssh-reset

PATCH /api/security/ssh/svms/{svm.uuid}

Note: To reset the SSH configuration for "Administrative SVM", use the PATCH /api/security/ssh REST API call.

Usage: This ONTAPI call can be issued against Storage VM (SVM) management LIFs.

ONTAPI attribute REST attribute Comment

ciphers

ciphers

key-exchange-algorithms

key_exchange_algorithms

mac-algorithms

mac_algorithms

max-authentication-retry-count

max_authentication_retry_count

vserver

svm.uuid

svm.uuid is specified as a path parameter.The vserver parameter defaults to Administrative SVM for /api/security/ssh REST API.

ssh-prepare-to-downgrade

This ONTAPI call does not have an equivalent REST API call.