Monday, March 15, 2010

Setup Netapp System Manager Read-Only and Cifs Admins

I had a need to create a read-only account to access our netapp filers from Netapp System Manager but also wanted to have an account that had read-only to everything but read and write to cifs configuration.

Luckily creating a read-only account is clearly detailed in TR-3358 so I just had to add on the cifs read-write portion for my purposes. The following are the commands that I used. Note the pieces that I added to the info in TR-3358 were the role for cifs read/write adn the api-cf-status for an active/active filer.

useradmin role add nsm-login -a login-http-admin,api-system-get-*

useradmin role add nsm-view –a api-aggr-list-info,api-disk-sanown-list-info,api-license-list-info,api-options-get,api-perf-object-get-instances,api-snmp-status,api-volume-list-info*,cli-priv,api-aggr-options-list-info,api-aggr-check-spare-low,api-cf-status

useradmin role add nsm-volumes-view -a api-volume-get-root-name,api-snapshot-reserve-list-info,api-volume-get-language,api-volume-options-list-info,cli-date

useradmin role add nsm-sharedfolders-view -a api-cifs-share-list-iter*,api-nfs-exportfs-list-rules,api-cifs-session-list-iter*

useradmin role add nsm-qtree-view -a api-qtree-list-iter*

useradmin role add nsm-disk-view -a api-system-cli,api-disk-list-info,cli-options

useradmin role add nsm-aggr-view -a api-aggr-get-root-name,api-snapshot-list-info

useradmin role add nsm-sharedfolders-write -a cli-cifs,api-cifs*

**********************

useradmin group add nsm-storage-view-cifswrite -r nsm-login,nsm-view,nsm-volumes-view,nsm-sharedfolders-view,nsm-qtree-view,nsm-disk-view,nsm-aggr-view,nsm-sharedfolders-write

useradmin group add nsm-storage-view -r nsm-login,nsm-view,nsm-volumes-view,nsm-sharedfolders-view,nsm-qtree-view,nsm-disk-view,nsm-aggr-view

*********************

useradmin user add nsmcifsmgr -g nsm-storage-view,nsm-storage-view-cifswrite

useradmin user add nsmviewonly -g nsm-storage-view

2 comments:

Gerry Larsson said...

Cheers Dan - this saved me a couple of days :)

Rajeev said...

Great Dan... made my life easier :) :)

Appreciate it