Problem:
You have created an account in NetApp ONTAP 9 on the SAN but when you try to login with it you get HTTP 401 – Unauthorized.
Solution:
The issue is that you have not assigned any services to the role. Annoyingly this cannot be done within the ONTAP GUI so you will have to do it via the command line:
First run the show command to see what access your custom role has:
vserver services web access show -role YourCustomRole
Then run these three commands to give your role admin access and to be able to login:
vserver services web access create -vserver YourVserverName -name saml -role YourCustomRole vserver services web access create -vserver YourVserverName -name sysmgr -role YourCustomRole vserver services web access create -vserver YourVserverName -name security -role YourCustomRole
Then make any security policy changes needed for your role, in this example we lock the account for 30 seconds if the password is entered incorrectly:
security login role config modify -vserver YourVserverName -role YourCustomRole -delay-after-failed-login 30
Its advisable to secure the role that your users login with with security policies and make sure your break-glass account is in another role so it will not be affected.