ONTAP Discussions

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Giving cli access to specific commands

JITHUSUDHAKAR
‎2011-07-06 01:38 AM
4,944 Views

Hi,

    I want to provide an auditor cli access to our Netapp system. I obviously dont want to give this person root access or even compliance or power user. What I want is to create a new user with access to only certain commands - or rather only commands with specific flags. For example, I want to give this person access to "lun show -m" rather than "lun offline". If I create a new profile for this user, I'm only able to add "cli-lun" which gives access to all the sub-commands under it. Does anyone know a way to do this?

Thanks in advance.

0 Kudos
View By:
1 ACCEPTED SOLUTION
migration has accepted the solution

peter_lehmann
‎2011-07-07 06:37 AM
In response to JITHUSUDHAKAR
4,944 Views

Sorry, I was wrong with my example cli-lun-show*...

https://kb.netapp.com/support/index?page=content&id=3011260

You can set it to all commands with cli* or one level deeper e.g. cli-vol* or cli-lun*, that's it.

Peter

View solution in original post

0 Kudos
5 REPLIES 5

peter_lehmann
‎2011-07-06 01:50 AM
4,944 Views

Hi

You need to create a new local group (e.g. auditors) and a new role (e.g. r_auditors). Then add the command cli-lun-show* to the role and the user account into the group. This way this particular user can only execute the lun show cli command...

To have him connect with the cli you also need to add thisi capability to the role "r_auditors":

login-ssh

the command to  accomplish this:

useradmin group

useradmin role

useradmin user

Hope this helps,

Peter

0 Kudos

JITHUSUDHAKAR
‎2011-07-06 01:57 AM
In response to peter_lehmann
4,944 Views

Hi Peter

    This is the command I gave:

useradmin role modify auditorrole -a login-ssh,cli-lun-show*

but getting error:

Invalid capabilities: cli-lun-show*

Thanks,

Jithu

0 Kudos

JITHUSUDHAKAR
‎2011-07-06 10:11 PM
In response to JITHUSUDHAKAR
4,944 Views

Anyone has any idea about this?

0 Kudos
migration has accepted the solution

peter_lehmann
‎2011-07-07 06:37 AM
In response to JITHUSUDHAKAR
4,945 Views

Sorry, I was wrong with my example cli-lun-show*...

https://kb.netapp.com/support/index?page=content&id=3011260

You can set it to all commands with cli* or one level deeper e.g. cli-vol* or cli-lun*, that's it.

Peter

0 Kudos

JITHUSUDHAKAR
‎2011-07-07 08:44 PM
In response to peter_lehmann
4,944 Views

Thanks, Peter

0 Kudos
Announcements
All Community Forums
Public