Subscribe
Accepted Solution

Giving cli access to specific commands

Hi,

    I want to provide an auditor cli access to our Netapp system. I obviously dont want to give this person root access or even compliance or power user. What I want is to create a new user with access to only certain commands - or rather only commands with specific flags. For example, I want to give this person access to "lun show -m" rather than "lun offline". If I create a new profile for this user, I'm only able to add "cli-lun" which gives access to all the sub-commands under it. Does anyone know a way to do this?

Thanks in advance.

Giving cli access to specific commands

Hi

You need to create a new local group (e.g. auditors) and a new role (e.g. r_auditors). Then add the command cli-lun-show* to the role and the user account into the group. This way this particular user can only execute the lun show cli command...

To have him connect with the cli you also need to add thisi capability to the role "r_auditors":

login-ssh

the command to  accomplish this:

useradmin group

useradmin role

useradmin user

Hope this helps,

Peter

Giving cli access to specific commands

Hi Peter

    This is the command I gave:

useradmin role modify auditorrole -a login-ssh,cli-lun-show*

but getting error:

Invalid capabilities: cli-lun-show*

Thanks,

Jithu

Giving cli access to specific commands

Anyone has any idea about this?

Giving cli access to specific commands

Sorry, I was wrong with my example cli-lun-show*...

https://kb.netapp.com/support/index?page=content&id=3011260

You can set it to all commands with cli* or one level deeper e.g. cli-vol* or cli-lun*, that's it.

Peter

Giving cli access to specific commands

Thanks, Peter