Data Backup and Recovery
Data Backup and Recovery
Hello,
I need some insight into the best way to lock down the local SnapCenter account on a NetApp cluster. The following articles outline several steps, however the role they outline includes cluster and vserver commands. I don't believe those commands work in an SVM context. The account we have right now resides in SVMs that contain datastores and iSCSI LUNs, all backed up by SnapCenter.
In summary: I want to assign the limited rights recommended below, but can't assign them all if the account is in an SVM <if I understand correctly>. Anyone have an insight into this?
Solved! See The Solution
A colleague of mine found an article describing how to lock down the account at the SVM level. Here is it in case anyone searches this topic:
If you are providing SnapCenter with the Vserver admin login, it is restricted only to that vserver. if you wish for it to have access to the cluster vserver, then you can use the documentation you have listed to restrict its rights to ONTAPI calls only.
What does your end goal look like for the SnapCenter deployment?
Thanks @aladd for responding to my post. We've had SnapCenter running for over a year. When I set it up, my understanding was we needed a local account on any SVM that SnapCenter connected to with the admin role. Now, as a separate project, we are trying to beef up security and give all accounts the least amount of rights it needs.
I did see information on a recent SnapCenter update that indicated you can now simply create a connection to the cluster rather than an SVM.
So here are some questions:
A colleague of mine found an article describing how to lock down the account at the SVM level. Here is it in case anyone searches this topic: