Introducing Read-Only Mode in NetApp Console:
Your Data Estate, Now Safer by Design

A safer, smarter, more intentional way to manage your enterprise data

The Challenge: When "Always On" Admin Access Becomes a Risk

In modern enterprises, security isn’t optional, it’s foundational. Most organizations follow the principle of least privilege, where users start with view only access and elevate permissions only when necessary. This minimizes the risk of unauthorized actions, accidental changes, or unintentional deletions. Temporary elevation ensures every high impact action is deliberate, auditable, and justified.

And let's be honest—how often do you actually need to modify something versus simply checking on it?

If you're like most admins, you spend the majority of your time monitoring: reviewing your data estate, inspecting logs, tracking alerts, validating system health. Yet until now, NetApp Console required full administrative privileges for even these routine tasks.

We heard you loud and clear: 

"It feels like driving with unrestricted permissions
 when all I want to do is look out the window."

One mis-click. One accidental deletion. One unintended configuration change. The anxiety was real, and the risk was unnecessary.

That changes today!! 

Introducing Read-Only Mode: Least Privilege Meets Operational Agility

We're thrilled to announce read-only mode for NetApp Console—a game-changing security feature that brings zero-trust principles to your daily workflows.

Here's the vision

All admins start in view-only mode by default. When you need to make changes, you elevate your permissions with a single click. When you're done, you down-scope back to read-only. Every action becomes intentional, auditable, and aligned with enterprise security best practices.

No more persistent unrestricted access. No more unnecessary risk. Just safe, smart, flexible access control that adapts to how you actually work.

What Makes Read-Only Mode Special?

• Opt-In Flexibility
  • Not ready yet? No problem
  • Read-only Mode is available when you are
  • Organization admins can enable it on their own timeline, aligning with internal processes and compliance requirements
• Least Privilege by Design
  • Users begin with view-only access, dramatically reducing the surface area for mistakes and unauthorized actions
• Seamless Elevation & Down-Scoping
  • Need to make a change?
    • Click to elevate
  • Finished?
    • Click to down-scope
  • It's that simple!
• Intelligent Role Mapping
  • Every admin role automatically maps to a corresponding viewer role
  • Organization Admin to Organization Viewer, Storage Admin to Storage Viewer, and so on
• Service Accounts Stay Unaffected
  • Your automation, integrations, and M2M accounts continue running smoothly
  • ReadOnly Mode doesn't disrupt what's already working

Real-World Scenarios: Who Benefits?

• Org Admins 
  • Monitor your entire data estate and manage users with confidence
  • Elevate only when modifications are truly needed
• Federation Admins 
  • Check federation health without fear of accidental changes
  • Elevate for updates, then return to safe monitoring
• Data Services Admins
  • Review backup and DR workflows daily
  • Elevate permissions only for critical actions
• Partners & MSPs 
  • Monitor customer environments safely, reducing the risk of unintended changes while maintaining visibility and control

Your Experience: Simple, Intuitive, Intentional

Read-only mode can be easily set by the organization admin via the organization settings under Identity and access.

To enable read-only mode, you simply slide the toggle to the right, into enabled position and save.

With this feature enabled, when an admin user logs into the console, the user is assigned with the scoped viewer role(s). I.e. an organization admin is assigned with an organization viewer. A storage admin is assigned with a storage viewer role. The UI clearly indicates when an organization is in read-only mode, and all actions/buttons on the screen will be inactive as shown in the screen below.

Any actions requiring elevated permissions are only available after explicit elevation. By clicking the “read-only mode” icon on the top ribbon of the console, you can elevate to get the modify permissions of your role as shown below.

Upon elevating the buttons on the page where enabled. With this user gained modify permissions.

Once the task is complete, admins can down-scope their access by clicking the “elevated” button on the ribbon. This will transition the user permissions to a safe monitoring state. All actions are intentional, auditable, and aligned with enterprise security standards. The elevate and down-scope actions are also available via a toggle button in the User settings page as well.

FAQ: Your Questions Answered

• Q: Is ReadOnly Mode enabled by default?
  • A: No, it's opt-in. Organization admins enable it when ready.
• Q: What happens to currently logged-in admins when I enable it?
  • A: They're automatically down-scoped to their corresponding viewer roles.
• Q: Can admins elevate to roles they don't have?
  • A: No. Elevation only works for roles already assigned to the user.
• Q: Does this eliminate all security risks?
  • A: It significantly reduces risk by introducing intentional friction and requiring deliberate elevation for modifications.

What's Next? The Road Ahead

ReadOnly Mode is just the beginning of our defense-in-depth strategy for NetApp Console. Coming soon:

• Approval workflows for high-risk operations
• Analytics on adoption and usage patterns
• Even more granular access controls

We're committed to making NetApp Console the most secure, flexible, and admin-friendly platform in the industry.

Get Started Today

Ready to embrace least-privilege access control? Here are your next steps:

• Learn more about NetApp Console
• Start your Console journey
• Test Console for your self - NetApp Console from A to Z
• Explore the latest Console releases
• Read the read-only mode documentation
• Dive into identity and access management
• Review predefined RBAC roles
• Download the solution brief
• Access technical documentation

The Bottom Line 

Security shouldn't feel like a burden. With read-only mode, NetApp Console delivers the perfect balance: operational agility when you need it, rock-solid security when you don't.

Your data estate deserves better than "always-on" admin access. It deserves intentional, auditable, zero-trust controls that adapt to how you actually work.

Welcome to the future of secure data management.
Welcome to read-only mode. 

NetApp Console | One Console. Operational Simplicity. Security First.

Appendix

The below table defines a one‑to‑one mapping between admin roles and their respective viewer roles. This ensures that for every administrative capability, there is a parallel read only (viewer) role that provides visibility without modification permissions.