VMware Solutions Discussions

OnTap RBAC for VSC @ Snapmirror Destination

JIM_SURLOW

Looking through the KB, there are a number of RBAC privs that need to be listed.  As I try to work with a customer who is using VSC at their site, am wondering what the minimum perms are needed at the snapmirror destination site.  Outside of the requirement for api-snapmirror-update & login-http, am wondering if all the others are actually required for the backup/recovery user.

There are more perms here than I wish to actually turn over, as an example: api-igroup-destroy, api-lun-unmap, api-nfs-exportfs-appen-rules-2 & api-nfs-exportfs-modify-rule-2, api-snapshot-delete, api-snapshot-rename, api-system-cli, api-volume-destroy, api-volume-offline, cli-ifconfig

I can see why some of these would be needed at the primary site, but at the destination - only if they also have abilities to spin up the VMs and the destination side ESX hosts are in the same vCenter - not the case in our environment.

Goal:  Allow for the customer to use VSC Backup & Recovery at their site without issue (don't want errors to show up because of restrictions at the destination), allow for the customer to execute a snapmirror update.

Thoughts?

TIA,

Jim

1 REPLY 1

dbkelly

Jim, you should give the RBAC User Creator tool (communities.netapp.com/docs/DOC-19074) a try.   It will simplify your life ... at least when it pertains to creating RBAC user names!

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public