Configuring access to web services allows authorized users to use HTTP or HTTPS to access the service content on the cluster or a Storage Virtual Machine (SVM).
- If a firewall is enabled, ensure that HTTP or HTTPS access is set up in the firewall policy for the LIF that will be used for web services:
Note: You can check whether a firewall is enabled by using the
system services firewall show command.
- To verify that HTTP or HTTPS is set up in the firewall policy, use the
system services firewall policy show command.
You set the
-service parameter of the
system services firewall policy create command to
https to enable the policy to support web access.
- To verify that the firewall policy supporting HTTP or HTTPS is associated with the LIF that provides web services, use the
network interface show command with the
You use the
network interface modify command with the
-firewall-policy parameter to put the firewall policy into effect for a LIF.
- To configure the cluster-level web protocol engine and make web service content accessible, use the
system services web modify command.
- If you plan to use secure web services (HTTPS), enable SSL and provide digital certificate information for the cluster or SVM by using the
security ssl modify command.
- To enable a web service for the cluster or SVM, use the
vserver services web modify command.
You must repeat this step for each service that you want to enable for the cluster or SVM.
- To authorize a role to access web services on the cluster or SVM, use the
vserver services web access create command.
The role that you grant access must already exist. You can display existing roles by using the
security login role show command or create new roles by using the
security login role create command.
- For a role that has been authorized to access a web service, ensure that its users are also configured with the correct access method by checking the output of
the security login show command.
To access the Data ONTAP API web service (ontapi
), a user must be configured with the
access method. To access all other web services, a user must be configured with the
Note: You use the
security login create command to add an access method for a user.