Recently I've investigated ways to lock down access to our NetApp clusters and am currently looking at the vsadmin accounts in SVMs. We don't delegate duties at the SVM level, and we use a dedicated, limited 'snapcenter' account in SVMs that need SnapCenter connectivity. We still have a 'snapdrive' account as well for a handful of cdot systems we still need SnapDrive on.
With this in mind, is there any reason not to lock the vsadmin account to reduce the number of ways someone could log in? Any "gotchas" I'm not considering?
The ONLY reason we still have SnapDrive is for LUN management (resizing, creation, etc.) on a handful of systems to get around SnapCenter bugs. We don't use it for backups. With that in mind I think we don't need vsadmin, especially since the snapdrive service account is a vsadmin level account. Any thoughts or suggestions?