Creating a Custom ONTAP SVM Role for SMBR Restore Purposes

Following on from the last two posts -
- to productionize the tool, you’ll probably not want to hand out the vsadmin credentials. In this post we create a custom security login role for the purposes of performing the SMBR restore (the custom role is still quite powerful.)
Note: Really, this role applies to any use case where one wants to be able to flexclone from a snapshot and perform tidy up with minimum permissions.

Clustershell Commands to Create the Custom Role and User


security login role create -role smbr_restore -vserver svm1 -cmddirname DEFAULT -access none
security login role create -role smbr_restore -vserver svm1 -cmddirname lun -access readonly
security login role create -role smbr_restore -vserver svm1 -cmddirname "lun mapping create" -access all
security login role create -role smbr_restore -vserver svm1 -cmddirname version -access all
security login role create -role smbr_restore -vserver svm1 -cmddirname volume -access readonly
security login role create -role smbr_restore -vserver svm1 -cmddirname "volume clone" -access all
security login role create -role smbr_restore -vserver svm1 -cmddirname "volume destroy" -access all
security login role create -role smbr_restore -vserver svm1 -cmddirname "volume offline" -access all
security login role create -role smbr_restore -vserver svm1 -cmddirname vserver -access readonly

security login create -user smbr_restore -role smbr_restore -vserver svm1 -application ontapi -authentication-method password


Image: Custom ONTAP SVM Role for SMBR Restore Purposes

Note: ONTAP Version used here is ONTAP 9.3.

Comments