Dear community,
I am looking for a way to enable a few AD users to manage (close) CIFS sessions and files, preferably via an MMC console. But I can't seem to find it!
Situation: FAS 3240, DOT 8.1.2 7-Mode, Windows 2003 AD domain.
I created a role and a group on the vfiler and assigned a domainuser to the group. However, no matter how many capabilities I assign to this new role (even ' * ' ! ), I keep getting the error "Error 5: Access denied" when I click either 'Sessions", "Shares", or "Open Files" in the MMC console (connected to the vfiler). If I assign the same domainuser to the group "Power Users", it works perfectly. But I don't want to give these users all capabilities that "Power Users" offers.
If I modify the "Power Users" group to assign only the role "None" to it, users in this group are still able to manage shares/sessions! So it doesn't seem to matter what role (and thus capabilities) are assigned to "Power Users". It still provides all the access!
It seems that the group "Power Users" has rights/capabilities that are obtained outside the default associated role "power".
I checked the Administration Guide for DOT 8.2.1, but it doesn't mention anything about these 'hidden' capabilities. It does state that the MMC console is only accessible to (domain)users in the "Administrators" group, but that doesn't seem to be true, since members of "Power Users" also have this ability.
More importanty (for me): I don't seem to be able to use custom groups for administrative purposes. It least in this speific case.
Anyone has any suggestions?