Virtualization Articles and Resources

How to Use RBAC User Creator tool for Storage Replication Adapter 4.0



The RBAC User Creator for ONTAP® tool is a C# application that enables you to create RBAC usernames within ONTAP. You can use the RBAC User Creator tool to create users in both 7-mode and ONTAP environments.

The list of privileges created are stored in an XML (ontapPrivs.xml) file. The XML file enables you to gather the following information:

1. You can verify the privileges of the new user created by RBAC User Creator tool.
2. You can add privileges or products later without the need to recompile the application.

The RBAC User Creator tool is a framework where all the products and the privileges for those products are listed in the XML file. You can easily add support for another product or product version by updating the information in the XML file.



RBAC User Creator tool for Storage Replication Adapter 4.0

The RBAC User Creator tool is enhanced to allow creating new roles and users required for Storage Replication Adapter (SRA) 4.0 by adding additional information in the XML file.

Please note that Storage Replication Adapter (SRA) 4.0 supports ONTAP versions 8.3.2 onwards only.


Once you have downloaded and installed the RBAC User Creator tool from the ToolChest, you will need to perform the below steps to provide support for SRA 4.0.


Step 1: Replace XML for SRA 4.0 support

To enable support for SRA 4.0, please perform the following:

1. Download and keep a copy of the ontapPrivs.xml file (attached below).
2. Access the install directory of the RBAC User Creator tool.
This information is provided during installation. For example:- The default path would be: C:\Program Files (x86)\NetApp\RBAC User Creator
3. Replace the existing ontapPrivs.xml file with the downloaded .xml file.
4. Restart the RBAC User Creator tool.


You can start using the RBAC User Creator tool to create new roles and users.

Step 2: Setting up user names and privileges

You can create ONTAP user names with all the privileges required for SRA.

1. Enter the name of the root or admin user and IP of the storage system for which you want to create the user.
2. Click LOGIN .
The tool determines the controller type.
3. As the storage system is running ONTAP, the list of SVMs are displayed.
RBAC User Creator supports creating users on the Cluster-Admin SVM as well as on Data SVMs. Select the appropriate SVM from the drop-down list.
4. Select the product and product version.
For SRA 4.0, you must select product as “SRA for VMware SRM” and product version as “SRA 4.0 for VMware SRM”.
5. Select the ONTAP privilege role as “NAS/SAN Role”.
RBAC User Creator tool merges all the privileges from the selected roles and combines them in a sorted list.
6. Enter a name for the role , user, and password, and then click Submit.
NOTE: RBAC User Creator requires root or admin storage credentials for creating new user names.


Step 3: Adding storage systems

1. Log in into your SRA 4.0 system.
2. Add the storage system using the new username and password.

Known issues

While providing a role name, do not provide any names that begin with “vsadmin”. This will prevent creating any new roles or users.



Downloading and using RBAC User Creator

Refer to the following link for details regarding download and usage of RBAC User Creator tool:

How to use the RBAC User Creator for ONTAP






Please Note:

All content posted on the NetApp Community is publicly searchable and viewable. Participation in the NetApp Community is voluntary.

In accordance with our Code of Conduct and Community Terms of Use, DO NOT post or attach the following:

  • Software files (compressed or uncompressed)
  • Files that require an End User License Agreement (EULA)
  • Confidential information
  • Personal data you do not want publicly available
  • Another’s personally identifiable information (PII)
  • Copyrighted materials without the permission of the copyright owner

Continued non-compliance may result in NetApp Community account restrictions or termination.


Thanks for doing this! Appreciated the work done


We've attempted creating new SVM-level users using this tool and then adding the SVM to SRA which is succesful but after running a "vserver list" we always get the following:


         StorageController xxxxxxxx xxxxxxxx xxxxxxxxx 6f9cff68-033d-11e6-8078-00a0986a3a2f
                   FlexVol volname has 47905MB available out of 51200MB failed: Unable to find matching aggregate for volume
                   FlexVol volname_root has 972MB available out of 973MB failed: Unable to find matching aggregate for volume



We do not have these issues when using a user at the cluster level but we're attempting to do this at the SVM level.


Any ideas?

All Community Forums