Role Permission for Halting Only does not working - CDOT

luiz_silva · ‎2016-10-14

Hi,

I'm trying to create an user with the following role permission:

netappcdot823::> security login role show -vserver netappcdot823 -role operators

VServer Role Name Command/Directory Query Access Level
------------------------------------------------------------
netappcdot823 operators DEFAULT none
netappcdot823 operators system node halt all

The objective is to create an user with the halt capability only, and no more permissions if possible.

When I login with that user and issue a "system node halt" command, it seems there is a lack of other permissions.

netappcdot823::> system node halt

Warning: Are you sure you want to halt node "netappcdot823-01"? {y|n}: y

Error: not authorized for that command

Note: I'm doing this on Ontap Simulator 8.2.3 CDOT.

Changing the "DEFAULT" access level to "all" works, but this is not desired because all other commands are also allowed (acts like an admin user).

Any idea?

Thanks!

georgevj · ‎2016-10-16

Halting a node is supposed to be an administrative task, and often disruptive to the cluster too. It involves migrating LIFs, initiating takeover, ARLs, making changes to cluster quorum, RDB changes and perhaps affecting the resiliency of the cluster too. Why do you want to give the permission to a non-administrator to shutdown a node?I think that is way beyond any logic. 😞

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

Role Permission for Halting Only does not working - CDOT

Get ready to power on