2011-07-06 01:38 AM
I want to provide an auditor cli access to our Netapp system. I obviously dont want to give this person root access or even compliance or power user. What I want is to create a new user with access to only certain commands - or rather only commands with specific flags. For example, I want to give this person access to "lun show -m" rather than "lun offline". If I create a new profile for this user, I'm only able to add "cli-lun" which gives access to all the sub-commands under it. Does anyone know a way to do this?
Thanks in advance.
Solved! SEE THE SOLUTION
2011-07-06 01:50 AM
You need to create a new local group (e.g. auditors) and a new role (e.g. r_auditors). Then add the command cli-lun-show* to the role and the user account into the group. This way this particular user can only execute the lun show cli command...
To have him connect with the cli you also need to add thisi capability to the role "r_auditors":
the command to accomplish this:
Hope this helps,
2011-07-07 06:37 AM
Sorry, I was wrong with my example cli-lun-show*...
You can set it to all commands with cli* or one level deeper e.g. cli-vol* or cli-lun*, that's it.