Subscribe

Shutdown Script with RBAC

[ Edited ]

Hi folks,

 

I'm trying to do an automated shutdown using powershell toolkit, involving Invoke-NCSsh (Clustered DataONTAP)

Problem is, as long as the user (in the script) has the role set DEFAULT = ALL this script works.

 

connect first controller

system node halt -node Cluster-01 -inhibit-takeover true -skip-lif-migration-before-shutdown true

connect second controller

system node halt -node Cluster-02 -inhibit-takeover true -skip-lif-migration-before-shutdown true

 

prompts "Error not authorized for that command"

 

As soon as I change the role of the user to DEFAULT=read-only and grant only access to "system" = all, this script won't work.

A normal SSH session via putty and the same user lets me halt the controllers manually.

 

Am I missing something in the RBAC rights management?

 

Thanks,

Michael