ONTAP Discussions

Creating a login for Config Advisor 4.5

richard_mackerras

I need to create a user for Config Advisor. Config Advisor is going to be run by someone who is not a member of the storage team; in fact, they are an external partner engaged by a different team. I want to restrict privileges as much as possible.

 

I tried basing a user on the "READONLY" role but it will not get past the "Test Login" button. It seems to require the use of the command "system node run" which is a bit of a problem.

 

This is what I came up with:

 

 

security login role 
 create -role confadvisor -cmddirname "DEFAULT" -access readonly
 create -role confadvisor -cmddirname "security" -access none
 create -role confadvisor -cmddirname "security login password" -access all
 create -role confadvisor -cmddirname "set" -access all
 create -role confadvisor -cmddirname "system node run" -access all
 config show -role confadvisor -instance
 show -role confadvisor

security login
 create -username thirdp -role confadvisor -application ssh -authmethod password
 create -username thirdp -role confadvisor -application http -authmethod password
 create -username thirdp -role confadvisor -application ontapi -authmethod password
 create -username thirdp -role confadvisor -application console -authmethod password
 create -username thirdp -role confadvisor -application service-processor -authmethod password
 show -username thirdp

 

 

I am really not happy with allowing "system node run" since there is enough privilege there to destroy a system.

  • Can I do better than the above?
  • Should I just insist on being present to enter the password?

 

Thanks for your help.

 

 
