Dear Community,
We would like to set up a separate role for our trainees on our cluster. This role should
- Enable read-only access to the entire cluster
- Complete access to a dedicated Test_SVM that is available for training purposes
It is often said, that this is not possible for a specific SVM, but there is even a KB article that can serve as a basis for this ("How to set up and configure RBAC in ONTAP to limit administrator access to specific volumes or SVMs" From <https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/How_to_set_up_and_configure_RBAC_in_ONTAP_to_limit_administrator_access_to_specific_volumes_or_SVM...>)
The problem with this, however, is that when creating the role for ’-cmddirname DEFAULT -access readonly’ for the special Test_SVM “readonly” is not possible, but “none” is always suggested:
FASxxxxx::> security login role create role -role Restricted_Azubi_Role -cmddirname DEFAULT -access readonly -query ‘’ -vserver SVM_TESTxxxxx
Error: command failed: The only valid value for access is ‘none’ for a Vserver role when the specified command directory is ‘DEFAULT’
FAS27501::>
What am I doing wrong? Any ideas?
Many thanks and best regards
Michael