Chris Grindstaff

Thanks @mamoep! There are 20 permissions errors (see below) when running Harvest with Rest and RestPerf collectors when using the [permission list from above](https://github.com/NetApp/harvest/issues/2991#issuecomment-2175612227). Three of the "permission denied" failures...

Do you still consider it "least privilege" if you're required to add `/api/private/cli`? Adding `/api/private/cli` is identical to running `security login role create -role harvest2-role -access readonly -cmddirname "DEFAULT"`, which...

```bash version NetApp Release Mightysquirrel__9.15.1: Fri May 24 05:03:10 UTC 2024 ```

Perhaps what you are seeing is a simulator issue. I'll try on another cluster and report back. If I add `/api/private/cli` (which adds the wildcard RBAC), more things work. Here...

Adding `/api/private/cli` on a `NetApp Release 9.13.1P3: Wed Sep 20 01:37:11 UTC 2023` cluster does NOT touch the DEFAULT command. Adding `/api/private/cli` on a `NetApp Release 9.14.1P2: Tue Mar 19...

hi @mamoep I heard back from ONTAP. This change was intentional and not a bug (burt 1496317). When you specify the endpoint `/api/private/cli` as readonly, the DEFAULT access for the...

I have confirmed that if you add a subpath of `api/private/cli` the DEFAULT command access remains none. ```bash security login role show h-tmp-role Role Command/ Access Vserver Name Directory Query...

#3047 updates documentation and closes issue. @mamoep I'm waiting to hear back from ONTAP on whether this change can be back-ported and will update this issue when I have an...

Dashboards will be handled in a separate PR. Closing

Verified in `24.11` ddb97c57