Create Role on NetApp Clustered Data ONTAP 8 or ONTAP 9 and Enable AD User Access

NOTE: You must be a cluster administrator to run the commands below.

  1. Create a new role (e.g., fsa_role) on your SVM (e.g., vs1). For example:

    security login role create -role fsa_role -cmddirname version -access readonly -vserver vs1

  2. Add the following capabilities to the role:

    • version: readonly
    • volume: readonly
    • vserver audit: readonly
    • vserver audit rotate-log: all
    • vserver cifs: readonly

    The capabilities must be assigned one by one. For example:

    security login role modify -role fsa_role -cmddirname version -access readonly -vserver vs1

    security login role modify -role fsa_role -cmddirname volume -access readonly -vserver vs1

    security login role modify -role fsa_role -cmddirname "vserver audit" -access readonly -vserver vs1

    security login role modify -role fsa_role -cmddirname "vserver audit rotate-log" -access all -vserver vs1

    security login role modify -role fsa_role -cmddirname "vserver cifs" -access readonly -vserver vs1

    Review currently applied capabilities. For example:

    security login role show -vserver vs1 -role fsa_role

  3. Create a login for the account that is going to authenticate and collect data from NetApp. If you want to use an AD account for collecting data, enable it to access SVM through ONTAPI. For example:

    security login create -vserver vs1 -username Enterprise\Administrator -application ontapi -authmethod domain -role fsa_role

    where Enterprise\Administrator is your data collecting account.
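
One way to automate the review in step 2, as an added example that is not part of the Netwrix documentation: the Python script below parses `security login role show` output and reports capabilities that are missing, granted at the wrong access level, or not in the documented set. The output layout in the constructed sample (empty Query column, a `DEFAULT` entry with access `none`) and the names `parse_role` and `audit_role` are assumptions.

```python
# Expected capabilities for the data collecting role, from step 2.
EXPECTED = {
    "version": "readonly",
    "volume": "readonly",
    "vserver audit": "readonly",
    "vserver audit rotate-log": "all",
    "vserver cifs": "readonly",
}

# Constructed sample of `security login role show -vserver vs1 -role fsa_role`
# (layout assumed). Deliberate deviations: "volume" granted "all",
# "vserver cifs" missing, "security login" granted although not documented.
SAMPLE_OUTPUT = """\
           Role          Command/                        Access
Vserver    Name          Directory                Query  Level
---------- ------------- ------------------------ ------ --------
vs1        fsa_role      DEFAULT                         none
vs1        fsa_role      version                         readonly
vs1        fsa_role      volume                          all
vs1        fsa_role      vserver audit                   readonly
vs1        fsa_role      vserver audit rotate-log        all
vs1        fsa_role      security login                  all
"""

def parse_role(output, vserver, role):
    """Return {command directory: access level} for one role on one SVM."""
    rows = (line.split() for line in output.splitlines())
    # Data rows start with the SVM and role name; header lines do not.
    return {" ".join(t[2:-1]): t[-1].lower()
            for t in rows if len(t) >= 4 and t[:2] == [vserver, role]}

def audit_role(output, vserver="vs1", role="fsa_role", expected=EXPECTED):
    """Compare the granted capabilities with the documented set."""
    granted = parse_role(output, vserver, role)
    findings = []
    for cmd, access in expected.items():
        if cmd not in granted:
            findings.append(("missing", cmd, access))
        elif granted[cmd] != access:
            findings.append(("wrong-access", cmd, granted[cmd]))
    for cmd, access in granted.items():
        # Assumption: a DEFAULT entry with access "none" grants nothing.
        if cmd not in expected and not (cmd == "DEFAULT" and access == "none"):
            findings.append(("unexpected", cmd, access))
    return sorted(findings)

if __name__ == "__main__":
    for kind, cmd, access in audit_role(SAMPLE_OUTPUT):
        print(f"{kind:13} {cmd!r}: {access}")
```

An empty result means the role matches the documented capability set exactly; any `unexpected` or `wrong-access` finding indicates the data collecting account holds more privilege than the procedure calls for.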
