Active IQ Unified Manager Discussions

Capabilies needed for a DOT user configured in OnCommand

hferdina
3,263 Views

Hi,

My customer doesn't want to use root user for connecting from Operation Manager to controlers.

He prefers to use a specific user with capability set in a role.

I made some test, and find this capabilities as requested (errors generated by my user set in dfm) :

login-http-admin,api-snapshot-get-schedule,api-volume-list-info,api-perf-object-get-instances,api-system-cli,api-ipspace-list-info,api-fcp-adapter-list-info,api-perf-object-list-info,api-vfiler-get-status,api-volume-move-status,api-volume-get-language,api-aggr-list-info,api-volume-get-root-name,api-perf-object-counter-list-info,api-lun-config-check-cfmode-info,security-priv-advanced,login-ssh,api-perf-object-instance-list-info

Is there any way to get a complete list of capabilities needed?

Regards

Hervé

3 REPLIES 3

adaikkap
3,263 Views

Is there any one particular capability that you want to prevent ? Also what are the functionality of Operation manager are you planning to use ?Like

is it only Operation Manager ? or Performance Advisor or Protection Manager or Provisioning Manager ?

Regards

adai

niels
3,263 Views

Hi Hervé,

the following link gets you to a KB article for creating a read-only user in DFM/OM.

https://kb.netapp.com/support/index?page=content&id=1011412

Unfortunately it ends what's required for OPNTAP 7.3.2, but it should give you an idea on what's needed.

After having created such user, observe the ONTAP messages to see if any errors are logged regarding missing capabilities.

regards, Niels

hferdina
3,263 Views

Thnaks!!

That's what i'm looking for!

Great!

Public