Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I need to create a custom role that allows a group of administrators from AD_domain_A to manage all bar one PCI DSS SVM. That last PCI DSS SVM is joined to another domain (AD_domain_B) and will be managed via SSH directly to the SVM admin lif as I understand that ONTAP System Manager is only available on cluster level.
I tried creating a custom role AD_Admin as attached on cluster level which grants access to the group of administrators from AD_domain_A, I then added that same AD group to vsadmin role within the non-PCI SVMs but the resulting access is not AD_Admin + vsadmin. I think I possibly incorrectly assumed that the permissions will be additive and ad admins can't resize volumes etc.
What is the best way to setup this role? Do I need to add, as part of the AD_Admin role definition, something like this but that would mean listing all commands and repeating this for all SVMs?
security login role create -role AD_Admin -cmddirname "volume modify" -access all -query "-vserver svm1"
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Check the below kb:
Hope it helps answer your question.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks hmoubara,
I've seen this FAQ but it does not cover what I need - the crux of the question is how a cluster custom role can grant selective permissions in only selected SVMs as above...