Configure access to web services
Configuring access to web services allows authorized users to use HTTP or HTTPS to access the service content on the cluster or a storage virtual machine (SVM).
If a firewall is enabled, ensure that HTTP or HTTPS access is set up in the firewall policy for the LIF that will be used for web services:
You can check whether a firewall is enabled by using the
system services firewall showcommand.
To verify that HTTP or HTTPS is set up in the firewall policy, use the
system services firewall policy showcommand.
You set the
-serviceparameter of the
system services firewall policy createcommand to
httpsto enable the policy to support web access.
To verify that the firewall policy supporting HTTP or HTTPS is associated with the LIF that provides web services, use the
network interface showcommand with the
You use the
network interface modifycommand with the
-firewall-policyparameter to put the firewall policy into effect for a LIF.
To configure the cluster-level web protocol engine and make web service content accessible, use the
system services web modifycommand.
If you plan to use secure web services (HTTPS), enable SSL and provide digital certificate information for the cluster or SVM by using the
security ssl modifycommand.
To enable a web service for the cluster or SVM, use the
vserver services web modifycommand.
You must repeat this step for each service that you want to enable for the cluster or SVM.
To authorize a role to access web services on the cluster or SVM, use the
vserver services web access createcommand.
The role that you grant access must already exist. You can display existing roles by using the
security login role showcommand or create new roles by using the
security login role createcommand.
For a role that has been authorized to access a web service, ensure that its users are also configured with the correct access method by checking the output of the
security login showcommand.
To access the ONTAP API web service (
ontapi), a user must be configured with the
ontapiaccess method. To access all other web services, a user must be configured with the
You use the
security login createcommand to add an access method for a user.