
What NetApp Cluster Mode permissions are required by Storage Resource Monitor

Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

The following permissions are needed for Storage Resource Monitor to gather data. NetApp Cluster Mode permissions are tied to the CLI commands that produce the same result as each API call, and they are set on those commands. Each user used for monitoring must be assigned to a role that has all the required capabilities.

These API capabilities are required for Cluster Mode. Because permissions are set on the CLI commands that display the particular data, the table below also shows the command names. These are used to assign permission to the specific API.

 

| API Name | Related CLI command |
|---|---|
| aggr-get-iter | storage aggregate show |
| cifs-server-get-iter | vserver cifs show |
| cifs-share-get-iter | vserver cifs share show |
| cluster-identity-get | cluster identity show |
| diagnosis-status-get | system health status show |
| fcp-initiator-get-iter | vserver fcp initiator show |
| fcp-interface-get-iter | vserver fcp interface show |
| igroup-get-iter | lun igroup show |
| iscsi-initiator-get-iter | vserver iscsi initiator show |
| iscsi-service-get-iter | vserver iscsi show |
| lun-get-iter | lun show |
| lun-map-get-iter | lun mapped show |
| net-interface-get-iter | network interface show |
| nfs-exportfs-list-rules-2 | vserver export-policy show |
| perf-object-get-instances | statistics show |
| quota-report-iter | volume quota report |
| storage-disk-get-iter | storage disk show |
| system-get-vendor-info | system node autosupport show |
| system-get-version | version |
| volume-get-iter | volume show |
| vserver-get-iter | vserver show |
| license-list-info | system license show |
| license-v2-list-info | system license show |

 

Log in to the NetApp CLI and use the following steps to create a read-only user with sufficient privileges for monitoring the device in SRM.
----------------------------------------------------------------------------------

Required steps summary:

  1. Create a new role and assign the specific command privileges under the readonly access level.
  2. Create a monitoring user and assign it to the readonly role.

 

Detailed steps:

1. Create a new role and assign the specific command privileges under the readonly access level:

security login role create -role testrole -cmddirname "security login role show-ontapi" -access readonly

Note: To verify that a particular role has a permission assigned, run security login role show -role testrole

To assign all permissions listed above, you can copy and paste the following text:

security login role create -role testrole -cmddirname "storage aggregate show" -access readonly

security login role create -role testrole -cmddirname "vserver cifs show" -access readonly

security login role create -role testrole -cmddirname "vserver cifs share show" -access readonly

security login role create -role testrole -cmddirname "cluster identity show" -access readonly

security login role create -role testrole -cmddirname "system health status show" -access readonly

security login role create -role testrole -cmddirname "vserver fcp initiator show" -access readonly

security login role create -role testrole -cmddirname "vserver fcp interface show" -access readonly

security login role create -role testrole -cmddirname "lun igroup show" -access readonly

security login role create -role testrole -cmddirname "vserver iscsi initiator show" -access readonly

security login role create -role testrole -cmddirname "vserver iscsi show" -access readonly

security login role create -role testrole -cmddirname "lun show" -access readonly

security login role create -role testrole -cmddirname "lun mapped show" -access readonly

security login role create -role testrole -cmddirname "network interface show" -access readonly

security login role create -role testrole -cmddirname "vserver export-policy show" -access readonly

security login role create -role testrole -cmddirname "statistics show" -access readonly

security login role create -role testrole -cmddirname "volume quota report" -access readonly

security login role create -role testrole -cmddirname "storage disk show" -access readonly

security login role create -role testrole -cmddirname "system node autosupport show" -access readonly

security login role create -role testrole -cmddirname "version" -access readonly

security login role create -role testrole -cmddirname "volume show" -access readonly

security login role create -role testrole -cmddirname "vserver show" -access readonly

security login role create -role testrole -cmddirname "system license show" -access readonly

Note: These commands might produce warnings that they will affect other permissions. These warnings can be ignored.

 

2. Create the monitoring user from the role:

security login create -role readonly -username test -application ontapi -authmethod password

Example:

lab-netapp814-clus::> security login create -role readonly -username test -application ontapi -authmethod password

Please enter a password for user 'test':

Please enter it again:

Note: Changing the permissions would require assigning the user to the role again.
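
A way to review a role-definition script against the table above before pasting it into the cluster, as an added example that is not SolarWinds or NetApp code. It parses only the `security login role create` syntax shown on this page; the function names, the `all` access level on one line and the `volume` directory in the sample are constructed for illustration.

```python
import shlex

# CLI commands from the "Related CLI command" column of the table on this page.
REQUIRED = {c.strip() for c in """
storage aggregate show; vserver cifs show; vserver cifs share show;
cluster identity show; system health status show; vserver fcp initiator show;
vserver fcp interface show; lun igroup show; vserver iscsi initiator show;
vserver iscsi show; lun show; lun mapped show; network interface show;
vserver export-policy show; statistics show; volume quota report;
storage disk show; system node autosupport show; version; volume show;
vserver show; system license show
""".replace("\n", " ").split(";")}
# Step 1 of the page additionally grants this command.
ALLOWED = REQUIRED | {"security login role show-ontapi"}


def parse_grants(script, role):
    """Map cmddirname -> access for every 'role create' line targeting `role`."""
    grants = {}
    for line in script.splitlines():
        tokens = shlex.split(line)
        if tokens[:4] != "security login role create".split():
            continue
        opts = dict(zip(tokens[4::2], tokens[5::2]))
        if opts.get("-role") == role and "-cmddirname" in opts:
            grants[opts["-cmddirname"]] = opts.get("-access", "unspecified")
    return grants


def audit(script, role="testrole"):
    """Compare the grants in a role-definition script with the page's table."""
    grants = parse_grants(script, role)
    return {
        "missing": sorted(REQUIRED - set(grants)),
        "not_readonly": sorted(c for c, a in grants.items() if a != "readonly"),
        "extra": sorted(set(grants) - ALLOWED),
    }


# Constructed sample: one required command dropped, one granted at "all",
# and one whole command directory ("volume") that the table does not call for.
LINE = 'security login role create -role testrole -cmddirname "{}" -access {}'
SAMPLE = "\n".join(
    [LINE.format(c, "readonly") for c in sorted(ALLOWED - {"statistics show", "lun show"})]
    + [LINE.format("lun show", "all"), LINE.format("volume", "readonly")])

if __name__ == "__main__":
    for finding, commands in audit(SAMPLE).items():
        print(f"{finding}: {commands}")
```

An empty result in all three lists means the script grants exactly the commands the table calls for, all at the readonly level.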

Last modified
03:56, 23 Jun 2016
