Subscribe

Managing administrator account lockdown on multiple filers

I want to remove root access from our admins and move to a delegated permissions model on our NetApp filers.  I can see how to do this but want to know of a way on implementing this on multiple filers.  13 currently and soon to be many more.

What have people used in the past and would to work well?

Thanks in advance

Brendon

Re: Managing administrator account lockdown on multiple filers

Hi,

I'm currently out of the office with limited access to email. I'll be back

in the office on Apr 21.

If this is an urgent support issue requiring NetCache L3 attention, contact

my manager Dick Hacking (Dick.Hacking@netapp.com). Otherwise, you may call

our support line at 1-888-4NETAPP.

I'll return return any mails when I'm back in the office.

Regards,

-jenni

--

Jennifer Coopersmith

NetCache Sustaining Engineer

NetApp Global Services

NetApp

408.822.6908 Direct

jenni@netapp.com

www.netapp.com

Re: Managing administrator account lockdown on multiple filers

Sorry

What have people used in the past and would to work well?

What have people used in the past and found to work well?

Re: Managing administrator account lockdown on multiple filers

Hi Brendon,

     You can use the Ontap RBAC Management of DFM to create users, roles and groups with permissions you wish to give.

Also the roles and groups  created in one filer can be pused to single or set of filers.

You can also manage their passwords using the password management of DFM.

Hope this is what you are looking for.

Re: Managing administrator account lockdown on multiple filers

Sound like it is RTFM time for me. Thanks for the heads up. Will have

a look tomorrow and come back.

Bren

Re: Managing administrator account lockdown on multiple filers

Also, from Ops Mgr you can issue commands to all filers that are under control. This could be a nice way to roll out the same user creation on each system or disabling certain features (telnet for instance) across all systems too.

Re: Managing administrator account lockdown on multiple filers

Turning off telnet (among many other things) can also be achieved by using Systems Configurations...

Cheers

Rich

Re: Managing administrator account lockdown on multiple filers

Is this the way you mean?

http://now.netapp.com/NOW/knowledge/docs/DFM_win/rel371/html/software/opsmgr/config11.htm

Overview of storage system configuration management tasks

Task overview  Top

The following steps are required to configure either multiple storage systems or vFiler units, or both, using Operations Manager. You must have enabled SNMP on the storage systems and DataFabric Manager must have already discovered them.

Re: Managing administrator account lockdown on multiple filers

Thats the config management that I mentioned above to Chris...

I can't find the link to the section of the doc in the Admin guide but it is detailed in the online help guide

http://<dfmserver>/help/dfm.htm#%3E%3Ecmd=1%3E%3Epan=2