We ran into this same issue, trying to create RO user for GUI and found that custom roles are not supported for login to sysmgr. That same user could ssh with the same role defined, but no GUI.

On Mon, Nov 30, 2020 at 11:23 AM Heino Walther <hw@beardmann.dk> wrote:

Hi

 

I’m trying to create a local user role that allows login via the web GUI, and update the snapmirror relations, but not be able to delete them or any volumes for that matter…

 

I thought this was a walk in the park, but somehow I run into the same issue…

 

I start by creating a simple role:

 

security login role ad -role ro -cmddirname DEFAULT -access all

security login role create -role ro -cmddirname volume -access readonly

 

I create a new user and assign the role:

 

security login create -user-or-group-name rotest -application http -authentication-method password -role ro

 

When trying to login, it fails like the password is wrong….  But why?

 

I even tried to create a role identical to the admin role (basically just the first of the two lines above), and even twith that, it is not possible to login to the web GUI…

 

I’m beginning to fear that you need to have the admin role in order to login to the web GUI…

 

Can someone please confirm that this is true… I almost cannot believe it 😉

 

/Heino

_______________________________________________
Toasters mailing list
Toasters@teaparty.net
https://www.teaparty.net/mailman/listinfo/toasters