Active IQ Unified Manager Discussions

Create DFM Monitoring Account



i'm not getting anywhere with netapp support on this topic and was hoping somebody in the community might be able to help.


We currently use ROOT to monitor our systems in DFM.  I want to use an existing domain service account to do this function but I don't want to elevate it to ADMIN on the filers which is Netapp's first suggestion. 


Has anyone created a custom role on their filers that grants only the NECESSARY capabilities to an account so that it can perform DFM monitoring but is not an admin or has login capabilities?  If so, can you let me know the capabiliities you granted the role?


thank you.




Re: Create DFM Monitoring Account


It needs access to just about every API, so creating a role would be futile and a waste of time and effort.


Just create a domain service account and add it.  That's common practice.


If you want to break out the roles, it will take you a really long time and you will just get frustraded.


I manage 7-mode controllers that number in the 3 digits this way.


Just ensure service account password is under lock and key


View solution in original post

Re: Create DFM Monitoring Account


Thanks for the input. Everything I've been reading bears this out.  We'll go this way.  thanks.



Re: Create DFM Monitoring Account




If we go with AD service account, how can we make sure that  no one can login to filer using same account via ssh.  Thanks in advance.



Earn Rewards for Your Review!
GPI Review Banner
All Community Forums