ONTAP Discussions

How to restrict access to Previous Versions functionality to domain admins only on CDOT?

erpadmin
4,385 Views

There's a write up here https://kb.netapp.com/support/index?page=content&id=1010287, specifically Procedure 5, but I'm not sure how to apply this change on CDOT 8.3.1P1

5 REPLIES 5

hariprak
4,362 Views

Hi,

 

You can refer the link https://library.netapp.com/ecm/ecm_download_file/ECMP1366834

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

erpadmin
4,336 Views

That is good document, but i dont see where it describes restricting the capability to domain admins only.  Until I get this sorted i'm going to have to disable -snapdir-access.

 

EDIT:  I tried a few more things and I am not able to restrict this functionality.  if anyone has further information on this please let me know.

AndreasTrute
3,974 Views

Hello,
we have the same problem. There are for this CDOT KB Doc ID 8010364 and for 7Mode this KB Doc ID 1010287. In 7Mode that works with the workaround, when CDOT it does not go, there is the option Volume -snapdir-access, but if true then are previous version, the SnapShots visible to all users. Probably just the solution via GPO is hide the previous version tab.

A question for the round, someone has an idea ...?

erpadmin
3,972 Views

we never went with the GPO route because fixing the Client side isn't a real solution.  Right now I modify the variable as needed

vol modify -volume usershares -snapdir-access true

AndreasTrute
3,968 Views

our problem is, that we have to point 5 attempts from the document KB Doc ID 8010364. once -snapdir-access true, the user will have full access according to their ADS privileges on the tab Previous Version. We currently have a GPO that the normal user hides the recovery in use, only admins.

Public