Hello All, I have a task per a 3rd party vendor to give read-only access to a user and create a set of roles. Now some of these roles, when you apply them, say a few things. Some say "command failed: invalid operation", others say "command failed: a Vserver admin cannot use command directory "cluster" with access level "read-only" use different access level". The concern is the only options really for `-access` are none, read-only and ALL. If I can't grant these roles with read-only then what other option do I have? I'm running 9.14.1 of ONTAP.

```
security login role create -role whole -vserver SXY -access none -cmddirname DEFAULT
security login role create -role whole -vserver SXY -access readonly -cmddirname "vserver show"
security login role create -role whole -vserver SXY -access readonly -cmddirname "cluster show"
security login role create -role whole -vserver SXY -access readonly -cmddirname "volume show"
security login role create -role whole -vserver SXY -access readonly -cmddirname "cluster identity show"
security login role create -role whole -vserver SXY -access readonly -cmddirname "network interface show"
security login role create -role whole -vserver SXY -access readonly -cmddirname "system license show"
security login role create -role whole -vserver SXY -access readonly -cmddirname "storage aggregate show"
security login role create -role whole -vserver SXY -access readonly -cmddirname "version"
security login role create -role whole -vserver SXY -access readonly -cmddirname "system node show"
security login role create -role whole -vserver SXY -access readonly -cmddirname "volume qtree show"
security login role create -role whole -vserver SXY -access readonly -cmddirname "system node autosupport show"
security login role create -role whole -vserver SXY -access readonly -cmddirname "security login role show-ontapi"
```
The "mandatory on" feature on VSCAN caused us share access accidents a few times when we lost connections to both scanners. Just wondering if we can safely disable it, or if we have another workaround? I believe we should scan the files on "write"; by default, we have scan on "read". We have NAS replication in place; not sure whether this type of replication read traffic will trigger the scan activities? Is the scan server talking to the cluster with a certificate? We lost connections to the scan server when we had a certificate issue.
My Security & Risk Oversight Director is asking how we can "install" CrowdStrike on NetApp, knowing that is not realistically possible. But the true ask here is, how do we protect the NetApp OS (ONTAP/FreeBSD) using established Endpoint Detect & Response (EDR) or Managed Detect & Response (MDR) solutions? Our organization uses CrowdStrike Falcon. So I'm being asked to check with NetApp and other relevant vendors if they allow for the installation of EDR tools like CrowdStrike Falcon, or are there established solutions to meet this need? Thank you in advance!
Hello all, ONTAP 9.13.1. After enabling native FPolicy we encountered some questions: 1) How do we modify the disallowed extensions file? The current KB is a bit unclear about that. 2) After modifying the above file, how do we make sure this is the version used on all enabled SVMs? 3) What is the path of the original disallowed extensions file?
Hi, has anyone tried enabling SSO for Unified Manager in Azure IdP? What are the SAML assertion values and claim rules that need to be configured? Any idea?