ONTAP Discussions

Need to create a Data OnTap user for shutdown purposes only

KENBUNCE0
4,449 Views

Hi,

I am looking for some direction here. I am trying to develop a procedural document for performing emergency shutdowns of our filers in our various data centers. I would like to create a user account that only has the capability to perform the following::

  • cf disable
  • halt cifs
  • halt nfs
  • shutdown a filer
  • halt
  • boot

I am being told that to perform these functions the user must be a full admin.but this will not work in my environment. Is it possible to automate this procedure? I have both 7-mode and cluster mode filers to deal with.

Any assistance would be greatly appreciated,

Ken

1 ACCEPTED SOLUTION

aborzenkov
4,449 Views

You can restrict user to specific commands only, but you cannot restrict user to command arguments. I.e. iyou can allow “cf” but not only “cf disable”.

If granting full command is too much, the only possibility is to use Data ONTAP API and create some scripts (e.g. using PowerShell or any other available language). API can be restricted based on subcommands as well.

View solution in original post

3 REPLIES 3

aborzenkov
4,450 Views

You can restrict user to specific commands only, but you cannot restrict user to command arguments. I.e. iyou can allow “cf” but not only “cf disable”.

If granting full command is too much, the only possibility is to use Data ONTAP API and create some scripts (e.g. using PowerShell or any other available language). API can be restricted based on subcommands as well.

KENBUNCE0
4,449 Views

Thank you for your response. This makes more sense than the reply I got back from support. Do you have an example PowerShell script for performing a shutdown or know where I can find one?

aborzenkov
4,449 Views

RBAC is described in TR-3358 (there could be updates, did not check). Data ONTAP API is documented here: http://support.netapp.com/documentation/productlibrary/index.html?productID=60427. And PowerShell bindings are available on community site: https://communities.netapp.com/community/products_and_solutions/microsoft/powershell/data_ontap_powershell_toolkit_downloads

Public