ONTAP Discussions

Grant user to create/delete snapshot only to specific volumes?

ACHOU_SIMG

Hi,

 

cDOT 8.3 on FAS8020

 

Is there a way to grant a cDOT local user to create/delete snapshots only to a specific set of volumes? I know I can create a custom role to allow only snapshot creations/deletions but is there a way to further restrict to only a set of volumes?

 

thanks,

3 REPLIES 3

hariprak

Hi,

 

You can try below steps,

 

security login role create snapRole -cmddirname "volume snapshot" -access all -vserver <vservername>
security login role modify -role snapRole -cmddirname DEFAULT -vserver <vservername> -access none
security login create -user-or-group-name snapUser -application ontapi -authmethod password -role snapRole -vserver <vservername>

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

georgevj

You can use queries with the role create/modify command to do this. For example, 

 

cluster::>   security login role create -role testrole -vserver <vservername>  -access all -cmddirname "volume snapshot"  -query  "-volume *abc*|nfs*"

 

this command will create a role that lets the user access snapshots only for volumes with names starting with "nfs" or volumes with the pattern "abc" somewhere in thier names.

 

Hope you understood.

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

DJ-Potsdam

Hi George , thanks for the answer. I really appreciate the materials and people out there at NetApp who help customers like us to make our life easy.

 

Thanks a ton, cheers

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public