ONTAP Discussions

Role creation on NetApp Cluster mode

MOHAN1985
8,132 Views

Hi,

I was unable to find any information on role creation on NetApp Data Ontap 8.1/8.2 cluster-mode filers.

Please let me know different ways of role creation with appropriate access rights.

Can these users/roles created be used in Data Ontap API calls?

Thanks,

Mohan

2 REPLIES 2

MUKTA_APHALE
8,132 Views

You can use the API - security-login-role-create

Possible access level settings are none, read-only, and all. The default setting is all.

Ruby code for this would look like:

request = NaElement.new("security-login-role-create")

  request.child_add_string("role-name", new_resource.name)

  request.child_add_string("vserver", new_resource.vserver)

  request.child_add_string("command-directory-name", new_resource.command_directory)

  request.child_add_string("access-level", new_resource.access_level) if new_resource.access_level

  request.child_add_string("return-record", new_resource.return_record) if new_resource.return_record

  request.child_add_string("role-query", new_resource.role_query) if new_resource.role_query

  result = invoke_elem(request)

parisi
8,132 Views

Security login roles are covered in the product documentation:

https://library.netapp.com/ecm/ecm_download_file/ECMP1368701 - page 142

When you create users and apply roles, you can specify which application the user has access to.

Valid applications include:

::*> security login create -application

    console           http              ontapi            rsh

    service-processor snmp              ssh               telnet

For API use, you'd probably only need ontapi and maybe http users.

You can create users/roles via CLI or via the APIs that Mukta pointed out.

Roles and user creation are under the "security login" command directory:

::*> security login

    create        delete        domain-tunnel lock          modify

    password      publickey     role          show          unlock

Public