Security using RBAC
The REST API expands the role-based access control (RBAC) capabilities when using ONTAP. You can create user accounts with custom roles to restrict access to the REST endpoints.
Creating roles for the REST endpoints
A REST role is defined through a set of one or more privileges. Each privilege consists of a path to a REST endpoint and the associated access level. Access to each endpoint is provided in one of three levels and determines the HTTP methods that can be used against the resource. The access levels include:
All
All HTTP methods can be used
Read-only
Only GET can be used
None
No access is allowed
Here is an example of two privileges that can be assigned to a REST role:
access="readonly", path="/api/storage/volumes"
access="none", path="/api/snapmirror/policies"
Creating a user account with a custom role
At a high level, you can create an account with a custom REST role as follows:
Create a user account with access to the HTTP management protocol.
Create a REST role with the desired privileges.
Associate the user account with the role.