Create DFM Monitoring Account

MSANDONASSGA

Hello,

I'm not getting anywhere with NetApp support on this topic and was hoping somebody in the community might be able to help.

We currently use ROOT to monitor our systems in DFM. I want to use an existing domain service account to do this function, but I don't want to elevate it to ADMIN on the filers, which is NetApp's first suggestion.

Has anyone created a custom role on their filers that grants only the NECESSARY capabilities to an account so that it can perform DFM monitoring but is not an admin or has login capabilities? If so, can you let me know the capabilities you granted the role?

Thank you.

Matt

1 ACCEPTED SOLUTION

JGPSHNTAP

It needs access to just about every API, so creating a role would be futile and a waste of time and effort.

Just create a domain service account and add it. That's common practice.

If you want to break out the roles, it will take you a really long time and you will just get frustrated.

I manage 7-mode controllers that number in the 3 digits this way.

Just ensure the service account password is under lock and key.

Baiju

Hi,

If we go with an AD service account, how can we make sure that no one can log in to the filer using the same account via SSH? Thanks in advance.

MSANDONASSGA

Thanks for the input. Everything I've been reading bears this out. We'll go this way. Thanks.

Matt
