
Minimum SnapCenter Permissions

TMADOCTHOMAS

For years we've used a custom role for SnapCenter permissions on our iSCSI and NFS SVMs, based on the following article:

https://community.netapp.com/t5/Data-Backup-and-Recovery/SnapCenter-Custom-Account-ONTAP/m-p/156197#M12840

This has worked well. Now I'm testing to add the new snapshot locking feature in ONTAP 9.12.1 so I can lock the three most recent snapshots from deletion. In testing, my custom role is generating "Insufficient privileges" alerts, stating the custom account "does not have write access to this resource". The specific failed task was "Set SnapLock Expiration Time Failed".

I found the following KB article and added the two additional actions listed to the role, but got the same error. Any suggestions? I really want to implement this, but this permission issue is turning into a blocker.

https://kb.netapp.com/onprem/ontap/dp/SnapLock/Unable_to_set_retention_at_file_level


TMADOCTHOMAS

For anyone watching this thread, I have a case open and will hopefully have an answer from NetApp Support soon.

TMADOCTHOMAS

From what we discovered in the case, the rule doesn't work in 9.12.1 but should work in later versions. We are postponing implementation of this feature until we decide to upgrade.

Hi 

Are you speaking of the general "Minimum Privileges" feature which doesn't work with 9.12.1 or just the new SnapLock feature?

TMADOCTHOMAS

The feature itself works; it's just the tweaking of minimum permissions that doesn't work in 9.12.1.

Have you tried the minimum permissions before enabling the SnapLock feature?

TMADOCTHOMAS

No; however, it was weird that the NetApp technician who worked with me was able to make it work in 9.13.1 and above without changes to the rules. Meaning there wasn't actually a rule change to make, although I thought there was and tried a few that I thought would work when it initially failed. Apparently something behind the scenes was tweaked in 9.13.1 and above. At any rate, I'll revisit when we upgrade later this fall.
