cDOT 8.3 on FAS8020
Is there a way to grant a cDOT local user to create/delete snapshots only to a specific set of volumes? I know I can create a custom role to allow only snapshot creations/deletions but is there a way to further restrict to only a set of volumes?
You can try below steps,
security login role create snapRole -cmddirname "volume snapshot" -access all -vserver <vservername>security login role modify -role snapRole -cmddirname DEFAULT -vserver <vservername> -access nonesecurity login create -user-or-group-name snapUser -application ontapi -authmethod password -role snapRole -vserver <vservername>
You can use queries with the role create/modify command to do this. For example,
cluster::> security login role create -role testrole -vserver <vservername> -access all -cmddirname "volume snapshot" -query "-volume *abc*|nfs*"
this command will create a role that lets the user access snapshots only for volumes with names starting with "nfs" or volumes with the pattern "abc" somewhere in thier names.
Hope you understood.
Hi George , thanks for the answer. I really appreciate the materials and people out there at NetApp who help customers like us to make our life easy.
Thanks a ton, cheers