I had a need to create a read-only account to access our netapp filers from Netapp System Manager but also wanted to have an account that had read-only to everything but read and write to cifs configuration.
Luckily creating a read-only account is clearly detailed in TR-3358 so I just had to add on the cifs read-write portion for my purposes. The following are the commands that I used. Note the pieces that I added to the info in TR-3358 were the role for cifs read/write adn the api-cf-status for an active/active filer.
useradmin role add nsm-login -a login-http-admin,api-system-get-*
useradmin role add nsm-view –a api-aggr-list-info,api-disk-sanown-list-info,api-license-list-info,api-options-get,api-perf-object-get-instances,api-snmp-status,api-volume-list-info*,cli-priv,api-aggr-options-list-info,api-aggr-check-spare-low,api-cf-status
useradmin role add nsm-volumes-view -a api-volume-get-root-name,api-snapshot-reserve-list-info,api-volume-get-language,api-volume-options-list-info,cli-date
useradmin role add nsm-sharedfolders-view -a api-cifs-share-list-iter*,api-nfs-exportfs-list-rules,api-cifs-session-list-iter*
useradmin role add nsm-qtree-view -a api-qtree-list-iter*
useradmin role add nsm-disk-view -a api-system-cli,api-disk-list-info,cli-options
useradmin role add nsm-aggr-view -a api-aggr-get-root-name,api-snapshot-list-info
useradmin role add nsm-sharedfolders-write -a cli-cifs,api-cifs*
**********************
useradmin group add nsm-storage-view-cifswrite -r nsm-login,nsm-view,nsm-volumes-view,nsm-sharedfolders-view,nsm-qtree-view,nsm-disk-view,nsm-aggr-view,nsm-sharedfolders-write
useradmin group add nsm-storage-view -r nsm-login,nsm-view,nsm-volumes-view,nsm-sharedfolders-view,nsm-qtree-view,nsm-disk-view,nsm-aggr-view
*********************
useradmin user add nsmcifsmgr -g nsm-storage-view,nsm-storage-view-cifswrite
useradmin user add nsmviewonly -g nsm-storage-view
2 comments:
Cheers Dan - this saved me a couple of days :)
Great Dan... made my life easier :) :)
Appreciate it
Post a Comment