Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.
For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Active IQ Unified Manager Discussions

User with limited capatibilities - System Manager

klemen_bregar

Hi!

I would like to create »read-only« user for monitoring using system manager.

I have created next role with these capatiblities:

useradmin role add monitor -a   api-aggr-check-spare-low,api-aggr-get*,api-aggr-list-info,api-aggr-options-list-info,api-cf-status,api-disk-list-info,api-disk-sanown-list-info,api-license-list-info,api-options-get,api-perf-object-get-instances,api-snapshot-reserve-list-info,api-snmp-status,api-system-get*,api-volume-get*,api-volume-list*,api-volume-options-list*,cli-priv,login-http-admin,api-clock-get-timezone,api-lun-list-info,api-igroup-list-info,api-cifs-share-list-iter-start,api-useradmin-user-list,api-useradmin-group-list,api-registry-list-info,api-registry-get,api-nfs-status,api-iscsi-interface-list-info,api-iscsi-service-status,api-fcp-service-status,api-fcp-adapter-list-info,api-file-read-file,api-options-list-info,api-snmp-get,api-perf-object-counter-list-info,api-clock-get-clock,api-snapshot-list-info,api-system-cli,cli-uptime,api-cifs-share-list-iter-next,api-lun-initiator-list-map-info,api-lun-get-comment,api-lun-map-list-info,login-ssh,api-registry-set

Then i have created group with role (»smonitor«):

Useradmin group add skr-fas-monitor –r monitor


And finally i have created user (»ro-user«):

Useradmin user add ro-user –g monitor

The problem is that i can login normally with that user in CLI interface (putty). Login into System Manager is not working. I have both capatibilities for login: »login-http-admin« and »login-ssh«.

DataONTAP version is 8.1.2. In version DataONTAP 7.3.6 this is working OK.

I have also found this KB: https://kb.netapp.com/support/index?page=content&id=1011412&locale=en_US

But also not working with 8.1.3.

Do i have to add some extra API-capatibilites for System Manager?

Can you help me with that? Does anybody know a solution for this?

Thank you!

Klemen

1 ACCEPTED SOLUTION

kryan

Hi Klemen,

There is an example of a working 8.1.2 read-only user configuration here:

https://forums.netapp.com/message/201528#201528

Thanks,

Kevin

View solution in original post

2 REPLIES 2

kryan

Hi Klemen,

There is an example of a working 8.1.2 read-only user configuration here:

https://forums.netapp.com/message/201528#201528

Thanks,

Kevin

View solution in original post

klemen_bregar

Hi!

Thanks for this. Everything is working OK now.

With regards,

Klemen

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public