Thanks @aladd for responding to my post. We've had SnapCenter running for over a year. When I set it up, my understanding was we needed a local account on any SVM that SnapCenter connected to with the admin role. Now, as a separate project, we are trying to beef up security and give all accounts the least amount of rights it needs.
I did see information on a recent SnapCenter update that indicated you can now simply create a connection to the cluster rather than an SVM.
So here are some questions:
- Is there no way to lock down a local SVM account in the same way as described by the articles for a local cluster account? (Or, at the very least, is it not documented anywhere as a procedure)?
- If I switch to connecting via cluster vs. SVM in SnapCenter, I could then follow the procedure in the articles. However, in some ways, I'm wondering if this would be less secure because I would be giving a lot of rights to the whole cluster (even though they're limited) vs. admin rights to a few SVMs. Thoughts?
- Is it possible to set the account that connects to storage to a domain level service account rather than a local account?