RBAC User Creator tool for VSC, VASA Provider and Storage Replication Adapter 7.0 for VMware vSphere

by Member on ‎2017-08-03 06:43 AM

Introduction

 

The RBAC User Creator for ONTAP® tool is a C# application that enables you to create RBAC users within ONTAP.
The list of privileges that the tool creates is stored in an XML file (ontapPrivs.xml). Keeping the privileges in an XML file enables you to do the following:

1. Verify the privileges of the new user created by the RBAC User Creator tool.
2. Add privileges or products later without the need to recompile the application.

 

The RBAC User Creator tool is a framework where all the products and the privileges for those products are listed in the XML file. You can easily add support for another product or product version by updating the information in the XML file.

 

RBAC User Creator tool for Virtual Storage Console, VASA Provider, and Storage Replication Adapter 7.0


This article describes how to use the RBAC User Creator tool for Virtual Storage Console, VASA Provider, and Storage Replication Adapter 7.0 for VMware vSphere. You can use the tool to create users for the following product combinations:


1. Virtual Storage Console
2. Virtual Storage Console and VASA Provider
3. Virtual Storage Console and Storage Replication Adapter
4. Virtual Storage Console, VASA Provider and Storage Replication Adapter

Please note that VSC, VASA Provider, and SRA 7.0 support ONTAP versions 9.0 onwards only.


Once you have downloaded and installed the RBAC User Creator tool from the ToolChest, perform the following steps to add support for VSC, VASA Provider and SRA 7.0.

Step 1: Replace XML for VSC, VASA Provider and SRA 7.0 support

 

To enable support for VSC, VASA Provider and SRA 7.0, please perform the following:

 

1. Download and keep a copy of the ontapPrivs.xml file (attached below).
2. Access the install directory of the RBAC User Creator tool.
This information is provided during installation. For example, the default path is C:\Program Files (x86)\NetApp\RBAC User Creator
3. Replace the existing ontapPrivs.xml file with the downloaded .xml file.
4. Restart the RBAC User Creator tool.

You can start using the RBAC User Creator tool to create new roles and users.
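
The file replacement in Step 1, as an added PowerShell example (not part of the original article or of the NetApp tool). Because ontapPrivs.xml lists the privileges the tool assigns, the script checks that the download is well-formed XML, shows the line differences for review, keeps a timestamped backup, and confirms the hash after copying. The download location is an assumption; run it from an elevated session.

```powershell
# Added example: checked replacement of ontapPrivs.xml.
$ErrorActionPreference = 'Stop'
$installDir = 'C:\Program Files (x86)\NetApp\RBAC User Creator'      # default path from the article
$newFile    = Join-Path $env:USERPROFILE 'Downloads\ontapPrivs.xml'  # assumed download location
$target     = Join-Path $installDir 'ontapPrivs.xml'

foreach ($p in $newFile, $target) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "File not found: $p" }
}

# 1. Parse the download end to end so a truncated or malformed file is rejected
#    before it replaces the working copy. DTDs are prohibited, so the check
#    itself cannot be made to resolve external entities.
$settings = New-Object System.Xml.XmlReaderSettings
$settings.DtdProcessing = [System.Xml.DtdProcessing]::Prohibit
$settings.XmlResolver   = $null
$reader = [System.Xml.XmlReader]::Create($newFile, $settings)
try { while ($reader.Read()) { } } finally { $reader.Dispose() }

# 2. Hash both files; stop if there is nothing to change.
$oldHash = (Get-FileHash -LiteralPath $target  -Algorithm SHA256).Hash
$newHash = (Get-FileHash -LiteralPath $newFile -Algorithm SHA256).Hash
if ($oldHash -eq $newHash) { Write-Host 'Files are identical; nothing to replace.'; return }

# 3. Show which lines differ so the privilege changes can be reviewed.
#    '<=' marks lines only in the installed file, '=>' lines only in the download.
Compare-Object (Get-Content -LiteralPath $target) (Get-Content -LiteralPath $newFile) |
    Format-Table SideIndicator, InputObject -AutoSize -Wrap

# 4. Keep a timestamped backup next to the original, then replace it.
$backup = '{0}.{1}.bak' -f $target, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $target  -Destination $backup
Copy-Item -LiteralPath $newFile -Destination $target -Force

# 5. Confirm that the installed file is byte-for-byte the reviewed download.
$written = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
if ($written -ne $newHash) { throw "Hash mismatch after copy; restore $backup" }

[pscustomobject]@{
    Backup          = $backup
    PreviousSHA256  = $oldHash
    InstalledSHA256 = $written
}
```

Restart the RBAC User Creator tool afterwards, as in step 4 of the list above.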

 

Step 2: Setting up user names and privileges

 

You can create ONTAP user names with the privileges required for VSC, VASA Provider and SRA.

 

1. Enter the name of the admin user and IP of the storage system for which you want to create the user.
2. Click LOGIN.
The tool determines the controller type.
3. As the storage system is running ONTAP, the list of SVMs is displayed.
RBAC User Creator supports creating users on the Cluster-Admin SVM as well as on Data SVMs. Select the appropriate SVM from the drop-down list.
4. Select the product and product version depending on your requirements.
• For 7.0, you must select product as “VSC, VASA Provider and SRA”.
• If you wish to use only VSC, you must select product version as “VSC 7.0”.
• If you wish to use VASA Provider along with VSC, then you must select the product version as “VSC and VASA Provider 7.0”.
• If you wish to use SRA along with VSC, then you must select the product version as “VSC and SRA 7.0”.
• If you wish to use all three, VSC, VASA Provider and SRA, then you must select the product version as “VSC, VASA Provider and SRA 7.0”.
5. Select all the ONTAP privilege roles that apply.
RBAC User Creator tool merges all the privileges from the selected roles and combines them in a sorted list.
6. Enter a name for the role, user, and password, and then click Submit.
NOTE: RBAC User Creator requires admin storage credentials for creating new user names.

Step 3: Adding storage systems

 

1. Log in to your VSC, VASA Provider and SRA plugin from the vCenter.
2. Add the storage system using the new username and password.

 

Known issues

 

When providing a role name, do not use any name that begins with “vsadmin”. Such a name prevents the tool from creating any new roles or users.


Downloading and using RBAC User Creator

 

Refer to the following link for details regarding download and usage of RBAC User Creator tool:
How to use the RBAC User Creator for ONTAP

 


Comments

When using this XML I've run into issues.  Many invalid commands due to version levels.  As near as I can see the syntax of:

 

ontap-level-greater-equals

ontap-level-less

 

do not work (v2.7 of the tool).  Is there a more recent version of the tool that allows for this?  I've used

 

<ontap-dependent value="xxx">

...

</ontap-dependent>

 

as a workaround.

New Contributor

I receive the error "Command failed: Missing Input: role-query" when I try to create a user via RBAC user creator for VSC and VASA Provider 7.0 for all Data ONTAP privilege roles (Discovery, Create Storage, Modify Storage, Destroy Storage and Policy-Based Mgmt). The XML-file was replaced as described in your article. I am using RBAC tool version 2.7 and Data ONTAP 9.2.

Do you have any ideas what causes this issue?

 

Thank you in advance and kind regards,

Sascha

 

RBAC_error.png
