ONTAP Discussions

File System Analytics RBAC

TMADOCTHOMAS

Hello fellow admins! I want to create a role that allows login to System Manager + full File System Analytics functionality but no other rights. I am having difficulty and could use some advice!

 

The first KB below describes creating a role like the one I want, but it doesn't work. To simplify, I gave the role "All File System Analytics operations" rights, using /*/ for the UUID. I created the domain account with the http, ontapi, and ssh applications. When trying to log in, I just got the spinning 'wait' icon with no error and no end in sight.

 

The second KB mentions the new built-in admin-no-fsa role, which is actually to restrict FSA; however, I thought it might help to see what it does so I could tweak a copy. I logged in this time but had too many admin rights, plus the two areas of FSA that should have been read-only were not visible.

 

Any recommendations?

 

https://docs.netapp.com/us-en/ontap/file-system-analytics/role-based-access-control-task.html

https://docs.netapp.com/us-en/ontap/authentication/predefined-roles-cluster-administrators-concept.html 


TMADOCTHOMAS

In case anyone searches for this, the solution ended up being a recreation (partly) of the 'readonly' role, then ADDING all of the FSA rights listed in the KB! I had to recreate the role using the security rest-role create command, and it didn't 100% match readonly, but it worked! I am able to log on with my test account and view all of the FSA content!
