Manage web services overview

Contributors

You can enable or disable a web service for the cluster or a storage virtual machine (SVM), display the settings for web services, and control whether users of a role can access a web service.

You can manage web services for the cluster or an SVM in the following ways:

  • Enabling or disabling a specific web service

  • Specifying whether access to a web service is restricted to only encrypted HTTP (SSL)

  • Displaying the availability of web services

  • Allowing or disallowing users of a role to access a web service

  • Displaying the roles that are permitted to access a web service

For a user to access a web service, all of the following conditions must be met:

  • The user must be authenticated.

    For instance, a web service might prompt for a user name and password. The user’s response must match a valid account.

  • The user must be set up with the correct access method.

    Authentication only succeeds for users with the correct access method for the given web service. For the ONTAP API web service (ontapi), users must have the ontapi access method. For all other web services, users must have the http access method.

    Note

    You use the security login commands to manage users’ access methods and authentication methods.

  • The web service must be configured to allow the user’s access-control role.

    Note

    You use the vserver services web access commands to control a role’s access to a web service.

If a firewall is enabled, the firewall policy for the LIF to be used for web services must be set up to allow HTTP or HTTPS.

If you use HTTPS for web service access, SSL for the cluster or SVM that offers the web service must also be enabled, and you must provide a digital certificate for the cluster or SVM.