VMware Solutions Discussions

ONTAP Tools for VMware vSphere - service account permissions

prcpa8w3p

We are setting up OTV using a service account, and per our internal security team's best practices, they won't allow us to give the service account administrator rights in vCenter.

What are the granular permissions that we can grant to the service account that'll still allow us to both successfully install and manage OTV?

Configuration: 

vCenter: 8.0 Update 2

ONTAP: 9.13.1Px

OTV: 9.13P1


prcpa8w3p

Hi All - any update on this?

ChanceBingen

I haven't tried, but according to this, two key things you need are access to the ExtensionManager.registerExtension() and updateExtension() methods, and I'm also guessing you will want to have access to the unregisterExtension() method as well.

Connect the extension to vCenter Server (vmware.com)

Unregister the extension from vCenter Server (vmware.com)

When you register the plugin, it also creates roles, so you need to have rights to do that too.

When you actually use the product, it operates as the logged-in user, so creating datastores and such is inherited from that.

When I look in the vCenter GUI, I can see these. Give it a try and let us know how it goes.

ChanceBingen_0-1719424324069.png
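
An added example, not part of the reply above and not NetApp's or VMware's own procedure: a PowerCLI script that builds a role limited to the extension and role-management privileges the reply names and grants it to the service account at the vCenter root. The account name, the role name and the mapping of the reply's methods to these privilege IDs are assumptions, and the page does not confirm this set is sufficient for OTV.

```powershell
# Added example (not from the thread). Requires VMware PowerCLI and an existing
# Connect-VIServer session as a user who is allowed to manage roles.
param(
    [string]$Principal = 'VSPHERE.LOCAL\svc-otv',    # hypothetical service account
    [string]$RoleName  = 'OTV-Plugin-Registration'   # hypothetical role name
)

# Privilege IDs assumed to correspond to what the reply lists:
#   Extension.*               -> registerExtension / updateExtension / unregisterExtension
#   Authorization.ModifyRoles -> the plugin creating roles during registration
$wanted = 'Extension.Register', 'Extension.Update', 'Extension.Unregister',
          'Authorization.ModifyRoles'

# Resolve the IDs first so a typo or a version difference fails before any change
$privs   = Get-VIPrivilege -Id $wanted -ErrorAction Stop
$missing = $wanted | Where-Object { $_ -notin $privs.Id }
if ($missing) { throw "Unknown privilege IDs: $($missing -join ', ')" }

# Create the role once; on a re-run, add any privilege it is missing
$role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $RoleName -Privilege $privs
} else {
    $role = Set-VIRole -Role $role -AddPrivilege $privs
}

# Extension privileges are global, so the grant goes on the root folder.
# It is not propagated, so it confers nothing on inventory objects below.
$root = Get-Folder -NoRecursion
$existing = Get-VIPermission -Entity $root -Principal $Principal -ErrorAction SilentlyContinue |
            Where-Object { $_.Role -eq $RoleName }
if (-not $existing) {
    New-VIPermission -Entity $root -Principal $Principal -Role $role -Propagate:$false | Out-Null
}

# Review what the account now holds: one row, and a short privilege list
Get-VIPermission -Principal $Principal | Select-Object Entity, Role, Propagate
(Get-VIRole -Name $RoleName).PrivilegeList | Sort-Object
```

The final two commands are the audit step: the output should show a single non-propagating permission and no privileges beyond the four requested plus the system defaults vCenter adds to every role.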

 
