Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Storage Resource Monitor (SRM) > SRM: Permissions needed to monitor NetApp Filers and gather data

SRM: Permissions needed to monitor NetApp Filers and gather data

7/25/16

Overview

This article contains the permissions needed for Storage Resource Monitor to monitor and gather data for NetApp filers.. NetApp calls individual permissions to execute API calls or "capabilities." Any user being used for monitoring has to be assigned a role with all the required API capabilities.

Disclaimer

Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

Environment

  • SRM

Detail

 

Required API capacities

The following API capabilities are required for 7Mode, versions 7x and higher:

  • api-aggr-list-info
  • api-cifs-share-list-iter-end
  • api-cifs-share-list-iter-next
  • api-cifs-share-list-iter-start
  • api-diagnosis-status-get
  • api-disk-list-info
  • api-fcp-adapter-list-info
  • api-iscsi-node-get-name
  • api-license-list-info
  • api-license-v2-list-info
  • api-lun-list-info
  • api-lun-map-list-info
  • api-lun-get-occupied-size
  • api-nfs-exportfs-list-rules
  • api-nfs-exportfs-list-rules-2
  • api-options-list-info
  • api-perf-object-get-instances
  • api-quota-report
  • api-quota-report-iter-end
  • api-quota-report-iter-next
  • api-quota-report-iter-start
  • api-snapshot-list-info
  • api-system-get-info
  • api-system-get-version
  • api-vfiler-get-status
  • api-vfiler-list-info
  • api-volume-list-info
  • login-http-admin
  • api-perf-object-get-instances-iter-end
  • api-perf-object-get-instances-iter-next
  • api-perf-object-get-instances-iter-start
  • security-api-vfiler

The following additional API capabilities are required for versions 8.x:

  • api-nfs-exportfs-list-rules-2
  • api-license-v2-list-info
  • api-diagnosis-status-get

Log in to the NetApp CLI and use the following procedure to create a read-only user with sufficient privileges for monitoring the device in SRM.

Required steps summary

  1. Create a monitoring group.
  2. Create a monitoring user and assign it to the monitoring group created in step 1.
  3. Create a role that has all of the required capabilities assigned to it. The list of capabilities are specific the version of NetApp being used.
  4. Assign the role to the group created in step 1.

Steps in details

  1. Creating the group:

You can use an existing group, or create a new group using the following command:

useradmin group add [group_name]

For example:

lan-netappv82> useradmin group add srmgroup

Group added.

lan-netappv82> Tue Dec 9 22:37:52 GMT [lan-netappv82:useradmin.added.deleted:info]: The group 'srmgroup' has been added.

  1. Creating monitoring user:

You can use an existing user or create a new one. The user will be read-only and used for monitoring. You can create a new user by using the following command:

useradmin user add [user_name] -g [group_name]

For example:

lan-netappv82> useradmin user add srmuser -g srmgroup

New password:

Retype new password:

User added.

lan-netappv82> Tue Dec 9 22:38:27 GMT [lan-netappv82:useradmin.added.deleted:info]: The user 'srmuser' has been added.

Creating a role and assigning it all required API capabilities:

The set of capabilities is version specific. If you do not know the version of your device, just type "version" to display it. Use following command to create a new role, and assign it all capabilities:

useradmin role add [rolename] -a [list_of_capabilities]

For example, for Versions 7.3.x:

useradmin role add srmrole -a api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,api-cifs-share-list-iter-start,api-disk-list-info,api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,api-lun-list-info,api-lun-map-list-info,api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-options-list-info,api-perf-object-get-instances,api-quota-report,api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,api-snapshot-list-info,api-system-get-info,api-system-get-version,api-vfiler-get-status,api-vfiler-list-info,api-volume-list-info,login-http-admin,api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,api-perf-object-get-instances-iter-start,security-api-vfiler

Role will be created successfully.

For example, for versions 8.x or above:

useradmin role add srmrole -a api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,api-cifs-share-list-iter-start,api-diagnosis-status-get,api-disk-list-info,api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,api-license-v2-list-info,api-lun-list-info,api-lun-map-list-info,api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-nfs-exportfs-list-rules-2,api-options-list-info,api-perf-object-get-instances,api-quota-report,api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,api-snapshot-list-info,api-system-get-info,api-system-get-version,api-vfiler-list-info,api-vfiler-get-status,api-volume-list-info,login-http-admin,api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,api-perf-object-get-instances-iter-start,security-api-vfiler

Role will be created successfully.

To modify an existing role and add a new capability use the following command:

useradmin role modify [role] -a [capability_to_add]

For example:

useradmin role modify srmrole -a api-diagnosis-status-get

Role modified.

Invalid capabilities:

api-cifs-share-list Could not add role [roletest]. Error: Invalid capability

To resolve this error, remove the invalid capability "api-cifs-share-list" and re run the command to create the role.

useradmin group list [group_name]

For example:

useradmin group list srmgroup

Name: srmgroup

Info:

Rid: 131073

Roles: srmrole

Allowed Capabilities: api-aggr-list-info,api-cifs-share-list-iter-end,api-cifs-share-list-iter-next,api-cifs-share-list-iter-start,api-disk-list-info,api-fcp-adapter-list-info,api-iscsi-node-get-name,api-license-list-info,api-license-v2-list-info,api-lun-list-info,api-lun-map-list-info,api-lun-get-occupied-size,api-nfs-exportfs-list-rules,api-options-list-info,api-perf-object-get-instances,api-quota-report,api-quota-report-iter-end,api-quota-report-iter-next,api-quota-report-iter-start,api-system-get-info,api-system-get-version,api-vfiler-list-info,api-volume-list-info,login-http-admin,api-perf-object-get-instances-iter-end,api-perf-object-get-instances-iter-next,api-perf-object-get-instances-iter-start,security-api-vfiler

  1. Assign the created role to an existing group

To assign the role into an existing group, use the following command:

useradmin group modify [group_name] -r [role_name]

useradmin group modify srmgroup -r srmrole

Group modified.

lan-netappv82> Tue Dec 9 22:39:51 GMT [lan-netappv82:useradmin.added.deleted:info]: The group 'srmgroup' has been modified.

 

 

 

Last modified
15:29, 21 Oct 2016

Tags

This page has no custom tags.

Classifications

(not set)