ONTAP Tools for VMware vSphere - service account permissions

prcpa8w3p

We're setting up OTV using a service account and, per our internal security team's best practices, they won't allow us to give the service account administrator rights in vCenter.

What are the granular permissions that we can grant to the service account that'll still allow us to both successfully install and manage OTV?

Configuration: 

vCenter: 8.0 Update 2

ONTAP: 9.13.1Px

OTV: 9.13P1

prcpa8w3p

Hi All - any update on this?

ChanceBingen

I haven't tried, but according to this, the two key things you need are access to the ExtensionManager.registerExtension() and updateExtension() methods, and I'm also guessing you will want to have access to the unregisterExtension() method.

Connect the extension to vCenter Server (vmware.com)

Unregister the extension from vCenter Server (vmware.com)

When you register the plugin, it also creates roles so you need to have rights to do that too.

When you actually use the product, it operates as the logged-in user. So creating datastores and such are inherited from that.

When I look in the vCenter GUI, I can see these. Give it a try and let us know how it goes.

[Image: ChanceBingen_0-1719424324069.png]
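
One way to turn the reply above into a narrow vCenter role with PowerCLI, as an added example that is not from the poster or from NetApp. It assumes VMware PowerCLI is installed and that the operator running it may create roles; the server name, role name and account are placeholders, and the four privilege IDs are the vSphere privileges behind the operations the reply names, not a list confirmed as sufficient for OTV.

```powershell
# Added example: build a narrow vCenter role for the OTV registration account.
# Placeholders (constructed, replace with your own values):
$vcServer  = 'vcenter.example.test'
$roleName  = 'OTV-Registration'      # hypothetical role name
$principal = 'EXAMPLE\svc-otv'       # hypothetical service account

# Privileges matching the operations named in the reply above:
# register/update/unregister an extension, plus role creation at registration.
$wantedIds = @(
    'Extension.Register',
    'Extension.Update',
    'Extension.Unregister',
    'Authorization.ModifyRoles'
)

Connect-VIServer -Server $vcServer | Out-Null

# Resolve the IDs and stop if this vCenter does not know one of them.
$privileges = Get-VIPrivilege -Id $wantedIds -ErrorAction SilentlyContinue
$missing = $wantedIds | Where-Object { $_ -notin $privileges.Id }
if ($missing) { throw "Unknown privilege IDs: $($missing -join ', ')" }

# Create the role once; reuse it on later runs.
$role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $roleName -Privilege $privileges
}

# Extension privileges are checked at the vCenter root folder, so bind there.
# No propagation: the role is not needed on child objects for registration.
$rootFolder = Get-Folder -NoRecursion
New-VIPermission -Entity $rootFolder -Principal $principal -Role $role -Propagate:$false | Out-Null

# Review what the account actually holds before handing it to the installer.
Get-VIPrivilege -Role $role | Sort-Object Id | Select-Object Id, Name
Get-VIPermission -Principal $principal | Select-Object Entity, Role, Propagate
```

If registration fails with a permission error in a lab, add only the privilege named in the error and re-run the two review commands so the role's growth stays auditable.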

prcpa8w3p

@ChanceBingen - thank you for looking into this. We keep coming across the following NetApp KBA which we don't currently have access to - is it possible for you to share the contents?

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/Virtual_Storage_Console_for_VMware_vSphere/How_to_configure_RBAC_for_Virtual_St...

ChanceBingen

Looks like that KB has been archived and replaced with this one: ONTAP Tools for VMware vSphere: RBAC Configuration - NetApp Knowledge Base

prcpa8w3p

@ChanceBingen - ty sir, appreciate it. We're going to try it out in our test/engineering labs