Following on from the last two posts -
- to productionize the tool, you’ll probably not want to
hand out the vsadmin credentials. In this post we create a custom security
login role for the purposes of performing the SMBR restore (the custom role is
still quite powerful.)
Note: Really, this role applies to any use case where
one wants to be able to flexclone from a snapshot and perform tidy up with
minimum permissions.
Clustershell Commands
to Create the Custom Role and User
security login role create -role
smbr_restore -vserver svm1 -cmddirname DEFAULT -access none
security login role create -role
smbr_restore -vserver svm1 -cmddirname lun -access readonly
security login role create -role
smbr_restore -vserver svm1 -cmddirname "lun mapping create" -access
all
security login role create -role
smbr_restore -vserver svm1 -cmddirname version -access all
security login role create -role
smbr_restore -vserver svm1 -cmddirname volume -access readonly
security login role create -role
smbr_restore -vserver svm1 -cmddirname "volume clone" -access all
security login role create -role
smbr_restore -vserver svm1 -cmddirname "volume destroy" -access all
security login role create -role
smbr_restore -vserver svm1 -cmddirname "volume offline" -access all
security login role create -role
smbr_restore -vserver svm1 -cmddirname vserver -access readonly
security login create -user smbr_restore
-role smbr_restore -vserver svm1 -application ontapi -authentication-method
password
Image: Custom ONTAP SVM Role for SMBR Restore Purposes
Note: ONTAP Version used here is ONTAP 9.3.
Comments
Post a Comment