ONTAP Discussions

Need to create a Data OnTap user for shutdown purposes only

KENBUNCE0
5,207 Views

Hi,

I am looking for some direction here. I am trying to develop a procedural document for performing emergency shutdowns of our filers in our various data centers. I would like to create a user account that only has the capability to perform the following::

  • cf disable
  • halt cifs
  • halt nfs
  • shutdown a filer
  • halt
  • boot

I am being told that to perform these functions the user must be a full admin.but this will not work in my environment. Is it possible to automate this procedure? I have both 7-mode and cluster mode filers to deal with.

Any assistance would be greatly appreciated,

Ken

1 ACCEPTED SOLUTION

aborzenkov
5,207 Views

You can restrict user to specific commands only, but you cannot restrict user to command arguments. I.e. iyou can allow “cf” but not only “cf disable”.

If granting full command is too much, the only possibility is to use Data ONTAP API and create some scripts (e.g. using PowerShell or any other available language). API can be restricted based on subcommands as well.

View solution in original post

3 REPLIES 3

aborzenkov
5,208 Views

You can restrict user to specific commands only, but you cannot restrict user to command arguments. I.e. iyou can allow “cf” but not only “cf disable”.

If granting full command is too much, the only possibility is to use Data ONTAP API and create some scripts (e.g. using PowerShell or any other available language). API can be restricted based on subcommands as well.

KENBUNCE0
5,207 Views

Thank you for your response. This makes more sense than the reply I got back from support. Do you have an example PowerShell script for performing a shutdown or know where I can find one?

aborzenkov
5,207 Views

RBAC is described in TR-3358 (there could be updates, did not check). Data ONTAP API is documented here: http://support.netapp.com/documentation/productlibrary/index.html?productID=60427. And PowerShell bindings are available on community site: https://communities.netapp.com/community/products_and_solutions/microsoft/powershell/data_ontap_powershell_toolkit_downloads

Public