https://community.netapp.com/t5/Network-and-Storage-Protocols/useradmin-role-and-group-will-not-work/m-p/73064#M6615 <HTML><HEAD></HEAD><BODY><P>Hi Luis,</P><P></P><P>Thank you for the reply. I thought I must have been missing something really obvious because it didn't make sense and nobody else would engage with the question.</P><P>I have added the bug to my watch list.</P><P></P><P>Thank you for taking the time to post.</P><P></P><P>Richard</P></BODY></HTML> Thu, 17 Oct 2013 13:41:49 GMT richard_mackerras 2013-10-17T13:41:49Z https://community.netapp.com/t5/Network-and-Storage-Protocols/useradmin-role-and-group-will-not-work/m-p/73049#M6613 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Our Service Desk want access to the filer to close open files. This seems to be a problem at shift changes where a file remains locked which another user needs to edit. The preferred access tool is "Computer Management" (or alternatively Hyena).</P><P></P><P>If I put a Service desk user, or the AD group created for the purpose into the "Power Users"&nbsp; they can do what they need to do.</P><P>If I put a Service desk user, or the AD group created for the purpose into a group I defined, using a role I defined, they get access denied.</P><P></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">toaster&gt; useradmin domainuser list&nbsp; -g&nbsp; "Power users"</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">List of SIDS in Power users</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">S-1-5-...</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;"><SPAN style="font-family: 'courier new', courier;">toaster</SPAN>&gt; useradmin domainuser list&nbsp; -g&nbsp; isservicedesk</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">List of SIDS in isservicedesk</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">S-1-5-...</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;"><SPAN style="font-family: 'courier new', courier;">toaster</SPAN>&gt; cifs lookup S-1-5-...</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">name = AD\System - NetApp Operators</SPAN></P><P></P><P>I have not changed the "Power Users" group</P><P></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;"><SPAN style="font-family: 'courier new', courier;">toaster</SPAN>&gt; useradmin group list "Power Users"</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Name: Power Users</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Info: Members that can share directories</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Rid: 547</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Roles: power</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Allowed Capabilities: cli-cifs*,cli-exportfs*,cli-nfs*,cli-useradmin*,api-cifs-*,api-nfs-*,login-telnet,login-http-admin,login-rsh,login-ssh,api-system-api-*</SPAN></P><P></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;"><SPAN style="font-family: 'courier new', courier;">toaster</SPAN>&gt; useradmin role list power</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Name:&nbsp;&nbsp;&nbsp; power</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Info:&nbsp;&nbsp;&nbsp; Default role for power user privileges.</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Allowed Capabilities: cli-cifs*,cli-exportfs*,cli-nfs*,cli-useradmin*,api-cifs-*,api-nfs-*,login-telnet,login-http-admin,login-rsh,login-ssh,api-system-api-*</SPAN></P><P></P><P>I have attempted to duplicate it twice, firstly with no NFS related access.</P><P></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;"><SPAN style="font-family: 'courier new', courier;">toaster</SPAN>&gt; useradmin group list Service_Desk_Team</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Name: Service_Desk_Team</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Info: HEAT 01062308 - Oracle Ent Mananger</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Rid: 131083</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Roles: op_api_cifs</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Allowed Capabilities: cli-cifs*,cli-useradmin*,api-cifs-*,login-*,api-system-api-*</SPAN></P><P></P><P style="padding-left: 60px;"><SPAN style="font-size: 10pt; line-height: 1.5em; font-family: 'courier new', courier;"><SPAN style="font-family: 'courier new', courier;">toaster</SPAN>&gt; useradmin role list op_api_cifs</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Name:&nbsp;&nbsp;&nbsp; op_api_cifs</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Info:&nbsp;&nbsp;&nbsp; Service Desk Mananger - HEAT 01062308</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Allowed Capabilities: cli-cifs*,cli-useradmin*,api-cifs-*,login-*,api-system-api-*</SPAN></P><P></P><P>That didn't work, so I added back in the NFS access, then I made an exact copy of "Power Users" with all new names.</P><P></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;"><SPAN style="font-family: 'courier new', courier;">toaster</SPAN>&gt; useradmin group list isservicedesk</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Name: isservicedesk</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Info: TS Service Desk</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Rid: 131084</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Roles: issdrole</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Allowed Capabilities: cli-cifs*,cli-exportfs*,cli-nfs*,cli-useradmin*,api-cifs-*,api-nfs-*,login-telnet,login-http-admin,login-rsh,login-ssh,api-system-api-*</SPAN></P><P></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;"><SPAN style="font-family: 'courier new', courier;">toaster</SPAN>&gt; useradmin role list issdrole</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Name:&nbsp;&nbsp;&nbsp; issdrole</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Info:&nbsp;&nbsp;&nbsp; CustServDesk</SPAN></P><P style="padding-left: 60px;"><SPAN style="font-family: 'courier new', courier;">Allowed Capabilities: cli-cifs*,cli-exportfs*,cli-nfs*,cli-useradmin*,api-cifs-*,api-nfs-*,login-telnet,login-http-admin,login-rsh,login-ssh,api-system-api-*</SPAN></P><P></P><P><SPAN style="font-size: 10pt; line-height: 1.5em;">Why then is it that the Power Users group lets them do their work, but the groups I defined don't?</SPAN></P><P>I have other groups to create for other people but there is no point proceeding if I can't understand this.</P><P></P><P>I practiced this on an old FAS270 DOT 7.3.3P5, I need it to work on an IBM N-6240 (FAS3240) running Data ONTAP Release 8.1.2P4. It has not worked on either.</P><P>What am I missing?</P><P></P><P>Thanks,</P><P></P><P>Richard Mackerras </P></BODY></HTML> Thu, 05 Jun 2025 05:55:23 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/useradmin-role-and-group-will-not-work/m-p/73049#M6613 richard_mackerras 2025-06-05T05:55:23Z https://community.netapp.com/t5/Network-and-Storage-Protocols/useradmin-role-and-group-will-not-work/m-p/73055#M6614 <HTML><HEAD></HEAD><BODY><P>Hi Richard,</P><P></P><P>I have the same problem.</P><P>Check this response from Netapp engineering:</P><P></P><P>Members of the custom users group doesn't have access to session management through MMC</P><P><A class="jive-link-external-small" href="http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&amp;Display=748112" target="_blank">http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&amp;Display=748112</A></P><P></P><P>TITLE:</P><P>Members of the custom users group doesn't have access to session management through MMC</P><P></P><P>DESCRIPTION:</P><P>The users can manage the sessions through MMC, only if they belong to Administrators or "Power Users" group.&nbsp; The other custom group members can't manage this, even though the group they belong to has the roles of</P><P>"admin" and/or "power".&nbsp; This occurs because the access check for session management through MMC is based on the RID that is assigned to the group and not theroles of the group.</P><P></P><P>WORKAROUND:</P><P>No workaround exists this feature is by the design</P><P></P><P>Thanks,</P><P></P><P>Luis Meireles</P></BODY></HTML> Wed, 16 Oct 2013 18:13:04 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/useradmin-role-and-group-will-not-work/m-p/73055#M6614 LMEIRELES 2013-10-16T18:13:04Z https://community.netapp.com/t5/Network-and-Storage-Protocols/useradmin-role-and-group-will-not-work/m-p/73064#M6615 <HTML><HEAD></HEAD><BODY><P>Hi Luis,</P><P></P><P>Thank you for the reply. I thought I must have been missing something really obvious because it didn't make sense and nobody else would engage with the question.</P><P>I have added the bug to my watch list.</P><P></P><P>Thank you for taking the time to post.</P><P></P><P>Richard</P></BODY></HTML> Thu, 17 Oct 2013 13:41:49 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/useradmin-role-and-group-will-not-work/m-p/73064#M6615 richard_mackerras 2013-10-17T13:41:49Z