2016-03-09 06:15 AM
I'm not getting anywhere with NetApp support on this topic and was hoping somebody in the community might be able to help.
We currently use ROOT to monitor our systems in DFM. I want to use an existing domain service account to do this function, but I don't want to elevate it to ADMIN on the filers, which is NetApp's first suggestion.
Has anyone created a custom role on their filers that grants only the NECESSARY capabilities to an account so that it can perform DFM monitoring but is not an admin or has login capabilities? If so, can you let me know the capabilities you granted the role?
2016-03-09 06:54 AM
It needs access to just about every API, so creating a role would be futile and a waste of time and effort.
Just create a domain service account and add it. That's common practice.
If you want to break out the roles, it will take you a really long time and you will just get frustrated.
I manage 7-mode controllers that number in the 3 digits this way.
Just ensure the service account password is under lock and key.