2013-05-17 06:20 AM
I am looking for some direction here. I am trying to develop a procedural document for performing emergency shutdowns of our filers in our various data centers. I would like to create a user account that only has the capability to perform the following::
I am being told that to perform these functions the user must be a full admin.but this will not work in my environment. Is it possible to automate this procedure? I have both 7-mode and cluster mode filers to deal with.
Any assistance would be greatly appreciated,
Solved! SEE THE SOLUTION
2013-05-17 06:30 AM
You can restrict user to specific commands only, but you cannot restrict user to command arguments. I.e. iyou can allow “cf” but not only “cf disable”.
If granting full command is too much, the only possibility is to use Data ONTAP API and create some scripts (e.g. using PowerShell or any other available language). API can be restricted based on subcommands as well.
2013-05-17 07:14 AM
Thank you for your response. This makes more sense than the reply I got back from support. Do you have an example PowerShell script for performing a shutdown or know where I can find one?
2013-05-18 05:36 AM
RBAC is described in TR-3358 (there could be updates, did not check). Data ONTAP API is documented here: http://support.netapp.com/documentation/productlibrary/index.html?productID=60427. And PowerShell bindings are available on community site: https://communities.netapp.com/community/products_and_solutions/microsoft/powershell/data_ontap_powershell_toolkit_downloads