Skip to main content
SnapCenter Plug-in for VMware vSphere 5.0

ONTAP privileges required

Contributors netapp-jani netapp-madhulik

The minimum ONTAP privileges that are required vary according to the SnapCenter plug-ins you are using for data protection.

Note Beginning with SnapCenter Plug-in for VMware (SCV) 5.0, you need to add applications of type HTTP and ONTAPI as user login methods for any ONTAP users with customized role-based access to the SCV. Without access to these applications, backups will fail. You need to restart the SCV service to recognize changes to ONTAP user login methods.

Minimum ONTAP privileges required

All SnapCenter plug-ins require the following minimum privileges.

All-access commands: Minimum privileges required for ONTAP 8.3 and later

cluster identity show

event generate-autosupport-log

job history show
job show
job stop

lun create
lun delete
lun igroup add
lun igroup create
lun igroup delete
lun igroup rename
lun igroup show
lun mapping add-reporting-nodes
lun mapping create
lun mapping delete
lun mapping remove-reporting-nodes
lun mapping show
lun modify
lun move-in-volume
lun offline
lun online
lun persistent-reservation clear
lun resize
lun serial
lun show

snapmirror list-destinations
snapmirror policy add-rule
snapmirror policy modify-rule
snapmirror policy remove-rule
snapmirror policy show
snapmirror restore
snapmirror show
snapmirror show-history
snapmirror update
snapmirror update-ls-set


volume clone create
volume clone show
volume clone split start
volume clone split stop
volume create
volume delete
volume destroy
volume file clone create
volume file show-disk-usage
volume offline
volume online
volume modify
volume qtree create
volume qtree delete
volume qtree modify
volume qtree show
volume restrict
volume show
volume snapshot create
volume snapshot delete
volume snapshot modify
volume snapshot rename
volume snapshot restore
volume snapshot restore-file
volume snapshot show
volume unmount

vserver cifs
vserver cifs share create
vserver cifs share delete
vserver cifs shadowcopy show
vserver cifs share show
vserver cifs show
vserver export-policy
vserver export-policy create
vserver export-policy delete
vserver export-policy rule create
vserver export-policy rule show
vserver export-policy show
vserver iscsi
vserver iscsi connection show
vserver show
network interface
network interface failover-groups
network interface show

Read-only Commands: Minimum Privileges Required for ONTAP 8.3 and Later

vserver peer

Note You can ignore the warning messages about the unsupported vServer commands.

Additional ONTAP information

  • If you are running ONTAP 8.2.x:

    You must login as vsadmin on the storage VM to have the appropriate privileges for SnapCenter Plug-in for VMware vSphere operations.

  • If you are running ONTAP 8.3 and later:

    You must login as vsadmin or with a role that has the minimum privileges listed in the tables above.

  • You need to be the cluster admin to create and manage user roles. You can associate the users either with Cluster storage VM or with storage VM.

  • You need ONTAP 9.12.1 or later versions to use SnapMirror Business Continuity (SM-BC) feature.

  • To use TamperProof Snapshot (TPS) feature:

    • You need ONTAP 9.13.1 and later versions for SAN

    • You need ONTAP 9.12.1 and later versions for NFS

Note For ONTAP version 9.11.1 and later, the communication to ONTAP cluster is through REST APIs. The ONTAP user should have http application enabled. However, if there are issues found with ONTAP REST APIs, the configuration key 'FORCE_ZAPI' helps the switchover to traditional ZAPI workflow. You may need to add or update this key using the config APIS and set it to true. See KB article, How to use RestAPI to edit configuration parameters in SCV.