The transition to NetApp MS Azure AD B2C is complete. If you missed the pre-registration, you will be invited to reigister at next log in.
Please note that access to your NetApp data may take up to 1 hour.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

ONTAP Discussions

Snaplock Privilegd delete.

asdfly3054

Hi All,

 

     I am trying the Snaplock feature in Netapp simulator storage. 

 

     I get the process to create Enterprise WORM folder, Audit Log and privileged delete account.

 

     But I have a question about the system administrator and vsadmin-snaplock.

     1. In order the prevent system administrator has too much power to delete the WORM file in Enterprise mode. So, we have to create another account has privileged delete the WORM file. Is it the major purpose to separate the system administrator and vsadmin-snaplock acccount?

     2. If yes, there is no any method can prevent system administrator to create a vsadmin-snaplock account or modify the password of vsadmin-snaplock account. It means that administrator can do the privileged delete when he wanted. Is it right?

 

      I know the audit log will save all the process. But the log is just for record, it can not prevent the wrong happen.

      Do you know if there is any manner can prevent administrator to create or modify vsadmin-snaplock account in anytime?

 

Thanks,

Billy

1 ACCEPTED SOLUTION

Sahana

Hi,

 

1-Yes, 2-Administrator has the ability to assign rights. Refer http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-arch-con%2FGUID-6226EB59-EF12-4D3D-A7B9-6B6407DE77C7.html

Administrator is a pre defined role, not sure if it allows to restrict modifying a user account.

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

2 REPLIES 2

thokelly

Billy,

 

 

how did you manage to create the Audit log on an SL Enterprise volume? Is ist SLE at all?

I am failing here, I cannot create the Audit log on an SLE volume, it wants me to create it on an SL Compliance volume...

 

 

/

Tom

 

 

See my post here:

https://community.netapp.com/t5/Data-ONTAP-Discussions/Create-audit-log-on-Snaplock-Enterprise-volume-fails/m-p/138600/highlight/false#M30579

 

Sahana

Hi,

 

1-Yes, 2-Administrator has the ability to assign rights. Refer http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-arch-con%2FGUID-6226EB59-EF12-4D3D-A7B9-6B6407DE77C7.html

Administrator is a pre defined role, not sure if it allows to restrict modifying a user account.

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public