Subscribe

Grant user to create/delete snapshot only to specific volumes?

Hi,

 

cDOT 8.3 on FAS8020

 

Is there a way to grant a cDOT local user to create/delete snapshots only to a specific set of volumes? I know I can create a custom role to allow only snapshot creations/deletions but is there a way to further restrict to only a set of volumes?

 

thanks,

Re: Grant user to create/delete snapshot only to specific volumes?

Hi,

 

You can try below steps,

 

security login role create snapRole -cmddirname "volume snapshot" -access all -vserver <vservername>
security login role modify -role snapRole -cmddirname DEFAULT -vserver <vservername> -access none
security login create -user-or-group-name snapUser -application ontapi -authmethod password -role snapRole -vserver <vservername>

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: Grant user to create/delete snapshot only to specific volumes?

[ Edited ]

You can use queries with the role create/modify command to do this. For example, 

 

cluster::>   security login role create -role testrole -vserver <vservername>  -access all -cmddirname "volume snapshot"  -query  "-volume *abc*|nfs*"

 

this command will create a role that lets the user access snapshots only for volumes with names starting with "nfs" or volumes with the pattern "abc" somewhere in thier names.

 

Hope you understood.

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.