VMware Solutions Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

VMware Solutions Discussions

Ask a Question

VSC 9.6 - Crash when using the privileges from the RBAC User Creator Tool

sanadmin_stadtdo
‎2019-12-11 04:36 AM
5,720 Views

Hello community,

 

we are currently using VSC 9.6. If storage systems are added with a vscadmin who has received his privileges from the current RBAC User Creator Tool, the complete VSC will crash and have to be set up again.

 

The following messages appear - among others - in the VSC.LOG:

2019-12-09 06:39:47,930 [qtp557725225-3896 - /vsc/remoting/exoforceRmiExporter?sessionId=40f538d75057f26d857ae13c9113ae69fc380937&serviceUrl=https://vmc_serv.stadtdo.de:443/sdk] WARN (ZAPIInvoker) - invokeZAPI(0): failed OntapConnectionImpl{ipAddress=fas27501.stadtdo.de, userName=vscadmin, port=443, ssl=true} API failed. Insufficient privileges: user 'vscadmin' does not have read access to this resource (errno=13003) null
2019-12-09 06:39:47,930 [qtp557725225-3896 - /vsc/remoting/exoforceRmiExporter?sessionId=40f538d75057f26d857ae13c9113ae69fc380937&serviceUrl=https://vmc_serv.stadtdo.de:443/sdk] ERROR (RMIServiceImpl) - getAllStorageSystems - Error getting controllers -
Unable to load volumes for: AbstractController: id: bbfe3d81-7ae0-11e9-ba14-00a098fbe31aname: SVM_NFS-VMW02ip address: fas27501.stadtdo.de. Caused by: Insufficient privileges: user 'vscadmin' does not have read access to this resource (errno=13003)

 

Unfortunately I don't know which privileges are missing. It can only be due to the privileges, because it works if I give the vscadmin admin rights.

 

Any idea?

 

Many thanks and greetings

 

Michael

 

0 Kudos
View By:
Tags (1)
6 REPLIES 6

Roopeshwari
NetApp
‎2019-12-11 07:21 AM
5,682 Views

Hi,

You have not mentioned which version of ONTAP Cluster is being used to create user. Hope you are using one of these ONTAP version which are supported for VSC 9.6:

Please follow steps mentioned in this article to create a user for VSC, it should work fine.

https://community.netapp.com/t5/Virtualization-Articles-and-Resources/How-to-use-the-RBAC-User-Creator-for-Data-ONTAP/ta-p/86601

 

 

0 Kudos

sanadmin_stadtdo
‎2019-12-11 11:45 PM
In response to Roopeshwari
5,615 Views

Hi,

Sorry, I forgot to tell you: we use FAS systems with ontap 9.5.

We've been using VSC for a long time (since version 2.1). Since the RBAC User Creator Tool existed, we have also used it to create the corresponding roles, without any problems so far. This time it doesn't work.


The hint from mjdalton1 on: https://docs.netapp.com/vapp-96/index.jsp?topic=%2Fcom.netapp.doc.vsc-dsg%2FGUID-999F3BFE-4005-42EC-9CF5-127DD6699297.html&lang=en refers to the roles "Discovery, Create Storage, Modify Storage and Destroy Storage" - but what content/commands do these roles have?  The roles themselves don't exit - do they?

 

I only know "FAQ: VSC, VASA, and SRA 7.0 ONTAP RBAC Configuration" ( https://kb.netapp.com/app/answers/answer_view/a_id/1001058). - Well, then I seem to have to rummage through here.

 

Best regards

 

Michael



0 Kudos

Roopeshwari
NetApp
‎2019-12-12 01:27 AM
In response to sanadmin_stadtdo
5,601 Views

Hi Micheal,

 

Please follow this link and download latest ontapPrivs.xml and replace it in your RBAC Tool.

Select 'VSC, VASA Provider and SRA' for Product and 'VSC, VASA Provider and SRA 9.6' for version. Select role in checkbox and create a user for your SVM and add it to VSC. It should work fine or please share error \logs in case of  a failure.

https://mysupport.netapp.com/tools/info/ECMLP2434785I.html?pcfContentID=ECMLP2434785&productID=61965&language=en-US

The RBAC User Creator for Data ONTAP tool enables you to quickly and easily set up role-based access control (RBAC) for NetApp storage systems. It supports multiple NetApp products and both clustered Data ONTAP and Data ONTAP operating in 7-mode environments.  

 

This tool, privileges XML file and instructions for using it are available on the NetApp ToolChest:

 

Because this tool stores privileges in an XML file (ontapPrivs.xml), NetApp can update it with new information without having to recompile it. Also, the XML file allows you to clearly see the privileges being used.

 

0 Kudos

sanadmin_stadtdo
‎2019-12-17 01:23 AM
In response to Roopeshwari
5,545 Views

Hi,


I'm sorry, but I can't select 'VSC, VASA Provider and SRA' for Product and 'VSC, VASA Provider and SRA 9.6' - it doesn't exist.

 

Unfortunately I cannot find any "9.6" ontapPriv.xml under the given link. The file contains the previous data that I have used before. Here are the first lines of this ontapPriv.xml:

 

<?xml version="1.0" encoding="utf-8"?><privs>
<product id="vsc70" label="VSC, VASA Provider and SRA" description="VSC, VASA Provider and SRA">
<vsc70 id="vsc70" label="VSC 7.x">
<cluster-mode>
<admin-vserver>
<role id="discovery" label="Discovery"
description="This role allows for the discovery of all the connected storage controllers.">
<read-only>
:
:

 

Any idea? What am I doing wrong?

Best regards

 

Michael

0 Kudos

Roopeshwari
NetApp
‎2019-12-19 01:51 AM
In response to sanadmin_stadtdo
5,496 Views

Hi,

 

Regret inconvenience caused. 

 

Please replace ontapPrivs.xml with following file:

https://kb.netapp.com/ci/okcsFattach/get/1032542_5

 

Thanks,

Roopeshwari U

 

 

0 Kudos
Announcements
All Community Forums
Public