ONTAP Discussions

Grant user to create/delete snapshot only to specific volumes?

ACHOU_SIMG
3,881 Views

Hi,

 

cDOT 8.3 on FAS8020

 

Is there a way to grant a cDOT local user to create/delete snapshots only to a specific set of volumes? I know I can create a custom role to allow only snapshot creations/deletions but is there a way to further restrict to only a set of volumes?

 

thanks,

3 REPLIES 3

hariprak
3,838 Views

Hi,

 

You can try below steps,

 

security login role create snapRole -cmddirname "volume snapshot" -access all -vserver <vservername>
security login role modify -role snapRole -cmddirname DEFAULT -vserver <vservername> -access none
security login create -user-or-group-name snapUser -application ontapi -authmethod password -role snapRole -vserver <vservername>

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

georgevj
3,804 Views

You can use queries with the role create/modify command to do this. For example, 

 

cluster::>   security login role create -role testrole -vserver <vservername>  -access all -cmddirname "volume snapshot"  -query  "-volume *abc*|nfs*"

 

this command will create a role that lets the user access snapshots only for volumes with names starting with "nfs" or volumes with the pattern "abc" somewhere in thier names.

 

Hope you understood.

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

DJ-Potsdam
3,058 Views

Hi George , thanks for the answer. I really appreciate the materials and people out there at NetApp who help customers like us to make our life easy.

 

Thanks a ton, cheers

Public