ONTAP Discussions

login-http-admin Access within a vFiler




An application needs special access to a SnapLock- Volume (api-*,login-http-admin). For tests I created 2 vFiler to separate access and data from other volumes and application on a simulator. I have used following commands to create the special access on vfiler1:


vfiler run vfiler1 useradmin group add f1app

vfiler run vfiler1 useradmin user add f1appuser -g f1app

vfiler run vfiler1 useradmin role add f1api_commands -c "Role for executing API commands on vfiler1" -a api-*,login-http-admin

vfiler run vfiler1 useradmin group modify f1app -r f1api_commands


I have to be sure that there is no way to get access with “f1appuser” to the basesystem (vfiler0) or other vfiler. A college thinks with “login-http-admin” access within vfiler1 it is possible to get access to the basesystem (vfiler0) or manipulate something on basesystem.

Is the any chance for “f1appuser” to get access outside of vfiler1?


Thanks and regards


NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner