Active IQ Unified Manager Discussions

create a readonly user via DFM for oncommand system manager


This is what we did and works.

We found this document -
We created a Windows AD test group called "ADReadOnlyGroup" and added storage admins.
We SSh'd to a controller and issued the following commands.

useradmin role add ReadOnly –a “ above api commands”
useradmin group add ReadOnlyGroup -Group -r ReadOnly
useradmin domainuser add ADReadOnlyGroup -g ReadOnlyGroup

We used OnCommand System Manager and tried logging in to a controller as a domain user of the AD group. We were able to login and unable to create a volume,share etc. This is what we want. Works perfectly.

But we have so many controllers.

Question is - Is there a way in DFM to achieve the same thing. Basically create one unique readonly role ,group etc in DFM and push to all the controllers so few people have read only access using OnCommand System Manager


Re: create a readonly user via DFM for oncommand system manager


Actually - Yes - and you arer already half way through 😉

Now that you already have the role, group and user created, OnCommand Core (aka DFM, aka Operations Manager) will pick it up after its next scan of this storage controller.

Afterwards you are able to push the role, group and user to all remaining controllers.

First you push the role, afterwards the group and lastly the user. Unfortunately ir cannot be done in a single shot.

Following are the steps with the "old" Operations Manager GUI:


Navigate to "Host Users":


Select tab "roles":


In the "List of existing roles" find the controller and the role that's already been configured:


Click on "push".


In the following dialogue click "select" to select the controllers to push the role to:


Select the appropriate controllers in the pop-up window in click "OK":


Now click "push" in the previous dialogue and DFM will create and execute a job to push the role to all selected controllers.

Perform the same steps with the group and user you created. Just click on the "User Groups" or "Domain Users" tab in step 2.). The rest is the same.

Regards, Niels

View solution in original post

Re: create a readonly user via DFM for oncommand system manager


Niels - Thanks for the clear steps with images. I will give a shot and I am 100% sure this will work.

Earn Rewards for Your Review!
GPI Review Banner
All Community Forums