Subscribe

How to grant VServer Admin privs to enable SIS on a volume

Hi Guys:

Running this on ONTAP 8.2 cluster-mode.

When I enable sis on a volume with cluster admin credentials, it works. However, with I try to do this with vserver admin creds, I get

Insufficient privileges: user 'vsadmin' does not have write access to this resource

How do I grant vserver admin privileges to enable sis on a volume?

Thanks much for your help.

rle Former NetApp Employee

Re: How to grant VServer Admin privs to enable SIS on a volume

Hi Brajesh,

Does the Vserver have access to the volume?  Does volume efficienty on work on the volume from the same Vserver context?

Regards,

   - Rick -

Re: How to grant VServer Admin privs to enable SIS on a volume

Hi Rick:

Volume and a qtree within the volume was created by the Vserver admin.

How do I know which context the volume efficiency would work? I do want the sis to be enabled on this volume. I do want volume efficiency to work in the context of this Vserver.

cheers,

Brajesh.

rle Former NetApp Employee

Re: How to grant VServer Admin privs to enable SIS on a volume

Hi Brajesh,

Try the "vserver context <vserver>" in the CLI.  All commands until "exit" are executed in the that vserver context.

Well, I just tried going into the vserver context and there is the "volume efficiency" command is not present in the vserver context.  With that in mind I think that the sis-enable API is not allowed in the vserver context.  It is allowed in the DOM, but not in the command via privileges. Looks like a bug to me.

I'm surprised you need to use this API.  Just created the volume with dedeup enabled.

Regards,

   - Rick -

Re: How to grant VServer Admin privs to enable SIS on a volume

Hi Rick:

I may be using the wrong API. What's the right API in SDK to enable dedupe on volume?

cheers,

Brajesh.

rle Former NetApp Employee

Re: How to grant VServer Admin privs to enable SIS on a volume

Hi Brajesh,

I looked at a WFA workflow and the create volume command does this:

        # Set deduplication

        if ($Deduplication)

        {

        Get-WFALogger -Info -message "Enabling deduplication"

        Enable-NcSis -Name $VolumeName -VserverContext $VserverName

        }

This implies to me that the PowerShell library is doing a system-cli of the storage efficiency command to the cluster admin.  It looks like you hit burt 570805, which is not public at this time.  I requested a public update.  It is suggested in the burt that you can add a custom role to vsadmin.  I am attempting to get clarafication.

Regards,

   - Rick -

Re: How to grant VServer Admin privs to enable SIS on a volume

Thanks much Rick. Would you how to grant this role to vsadmin?

rle Former NetApp Employee

Re: How to grant VServer Admin privs to enable SIS on a volume

Hi Brajesh,

After a little research, I discovered that you can't change pre-defined roles like vsadmin.  You will have to create a new role with the security-login-role-create API.  I have not used these APIs, so you'll be exploring on your own.  Once you create a new role, you can assign a user to it.  Have fun.

Regards,

   - Rick -