Role Permission for Halting Only does not working - CDOT

luiz_silva — Wed, 04 Jun 2025 18:38:39 GMT

Hi,

I'm trying to create an user with the following role permission:

netappcdot823::> security login role show -vserver netappcdot823 -role operators

VServer Role Name Command/Directory Query Access Level
------------------------------------------------------------
netappcdot823 operators DEFAULT none
netappcdot823 operators system node halt all

The objective is to create an user with the halt capability only, and no more permissions if possible.

When I login with that user and issue a "system node halt" command, it seems there is a lack of other permissions.

netappcdot823::> system node halt

Warning: Are you sure you want to halt node "netappcdot823-01"? {y|n}: y

Error: not authorized for that command

Note: I'm doing this on Ontap Simulator 8.2.3 CDOT.

Changing the "DEFAULT" access level to "all" works, but this is not desired because all other commands are also allowed (acts like an admin user).

Any idea?

Thanks!

Re: Role Permission for Halting Only does not working - CDOT

georgevj — Mon, 17 Oct 2016 06:41:37 GMT

Halting a node is supposed to be an administrative task, and often disruptive to the cluster too. It involves migrating LIFs, initiating takeover, ARLs, making changes to cluster quorum, RDB changes and perhaps affecting the resiliency of the cluster too. Why do you want to give the permission to a non-administrator to shutdown a node?I think that is way beyond any logic. 😞

topic Role Permission for Halting Only does not working - CDOT in ONTAP Discussions

Role Permission for Halting Only does not working - CDOT

Re: Role Permission for Halting Only does not working - CDOT