2012-01-02 08:00 AM
For a few non-admins am I setting up permissions so they can use the Netapp System Manager to view settings and status.
I am running a FAS3140 with ontap 8.02 and a FAS 2050 with ontap 7.3.
I have created a new role using the useradmin command and have setup capabilities.
However there are a few capabilities missing for the new role.
The ability to view the qtrees, snapshot copies and the cifs shares.
The role that has been created so far:
Note: the individual capabilities are listed on separate lines to make them more readable. Ofcourse the command should be on 1 single line.
Note2: These capabilities were found in other posts in these forums.
useradmin role add <name of role> -a
Does anyone know which capabilities are missing?
Is there any documentation where all the roles are listed?
Any help would be appreciated!
Solved! SEE THE SOLUTION
2012-01-02 03:37 PM
The only really good list of capabilties I've ever seen was in the NetApp Manageability SDK, but you need NOW access and you have to apply for access to the SDK to get it. Another, easier place to look is in the NetAPp Powershell Toolkit, here: https://communities.netapp.com/community/products_and_solutions/microsoft/powershell/data_ontap_powershell_toolkit_downloads
Download the file and look in the webhelp directory.
Another I've found useful is here:
ON page 3. That is a reasonable list of all of the available capabilities. I've never found a 100% comprehensive list, so if anyone out there knows of one, please post!
Try these capabilities:
Viewing Qtrees: api-qtree-list
List Snapshots: api-snapshot-list-info
List Cifs shares: api-cifs-share-list-*
2012-01-03 03:44 AM
That was very helpfull. Thanks a lot!
As you suggested I added these:
Also the PDF-link was very helpfull.
The 2 capabilities I added extra were found when I looked in the file <filer>/etc/log/ems. (just found this after reading your post)
This logfile contains entries like:
<LR d="03Jan2012 10:19:16" n="filername" pn="partner filer" t="1325582356" id="1314606018/25600" p="4" s="C=1U" o="api_mpool_09" vf="">
username="name of user"
Just add the needed capability and you're done.
2013-09-26 11:23 AM
Was running into similar issue, and found this in man on useradmin:
The api-* type includes all of the Ontap API calls. These commands are only available via login-httpadmin, so in general, any api-* command must also include this login. The format for this is api-<ontap-api-command> which means allow a specific command/subcommand. Here, it is possible to list only subcommands, like api-system-get-info or a command and it’s subcommands, like api-systemget-* , or even api-system-*