useradmin role add ReadOnly –a “ above api commands” useradmin group add ReadOnlyGroup -Group -r ReadOnly useradmin domainuser add ADReadOnlyGroup -g ReadOnlyGroup
We used OnCommand System Manager and tried logging in to a controller as a domain user of the AD group. We were able to login and unable to create a volume,share etc. This is what we want. Works perfectly.
But we have so many controllers.
Question is - Is there a way in DFM to achieve the same thing. Basically create one unique readonly role ,group etc in DFM and push to all the controllers so few people have read only access using OnCommand System Manager