I've done some playing around with the SnapDrive account and discovered that it needs API-* capabilities to do what appears to be everything it needs to do. Is this true or am I missing something?
Also, I'd like to restrict the volumes that are visible by the SnapDrive account running on a particular host. For example, I'd like to ensure that HOSTA only see's the volumes and luns specific to HOSTA. HOSTA should not see the volumes/luns belonging to HOSTB or any of the NAS volumes on the filer. Is the SecureAccess.xml the only option for restricting the volume visibility of the SnapDrive account by host or is there something I can do through RBAC only (without using the SecureAccess.xml file)?
I was able to use RBAC integrated with DFM to restrict users based on DFM groups. This works great, and access is managed from DFM using accounts created to match the AD user accounts. You can then create the necessary roles and assign the SD access rights.