
Create Role on NetApp Clustered Data ONTAP 8 or ONTAP 9 and Enable AD User Access

NOTE: You must be a cluster administrator to run the commands below.

  1. Create a new role (e.g., fsa_role) on your SVM (e.g., vs1). For example:

    security login role create -role fsa_role -cmddirname version -access readonly -vserver vs1

  2. Add the following capabilities to the role:

    • version readonly
    • volume readonly
    • vserver audit all
    • vserver audit rotate-log all
    • vserver cifs readonly

    The capabilities must be assigned one by one. For example:

    security login role modify -role fsa_role -cmddirname version -access readonly -vserver vs1

    security login role modify -role fsa_role -cmddirname volume -access readonly -vserver vs1

    security login role modify -role fsa_role -cmddirname "vserver audit" -access all -vserver vs1

    security login role modify -role fsa_role -cmddirname "vserver audit rotate-log" -access all -vserver vs1

    security login role modify -role fsa_role -cmddirname "vserver cifs" -access readonly -vserver vs1

    Review currently applied capabilities. For example:

    security login role show -vserver vs1 -role fsa_role

  3. Create a login for the account that is going to authenticate and collect data from NetApp. If you want to use an AD account for collecting data, enable it to access the SVM through ONTAPI. For example:

    security login create -vserver vs1 -username Enterprise\Administrator -application ontapi -authmethod domain -role fsa_role

    where Enterprise\Administrator is your data collecting account.

  4. To be able to add an event policy for NetApp, the role you set up for working with ONTAPI must have the following attributes:

    • version readonly
    • volume readonly
    • vserver audit all
    • vserver audit rotate-log all
    • vserver cifs readonly

    NOTE: This relates to NetApp 8.3.2 and later.
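
The review in step 2 can be checked mechanically. The following is an added example, not Netwrix or NetApp code: it parses saved output of `security login role show -vserver vs1 -role fsa_role` and reports entries that are missing, set to the wrong access level, or granted beyond the list above. The sample output is constructed, its column layout with an empty Query column is an assumption, and `parse_role_show` and `audit_role` are hypothetical names.

```python
# Added example: compare a role's entries with the capability list on this page.
REQUIRED = {
    "version": "readonly",
    "volume": "readonly",
    "vserver audit": "all",
    "vserver audit rotate-log": "all",
    "vserver cifs": "readonly",
}
LEVELS = {"none", "readonly", "all"}  # access levels this parser recognises

# Constructed sample output (assumed column layout, empty Query column).
SAMPLE = """\
Vserver    Role Name     Command/Directory           Query Access Level
---------- ------------- --------------------------- ----- ------------
vs1        fsa_role      DEFAULT                           none
vs1        fsa_role      version                           readonly
vs1        fsa_role      volume                            readonly
vs1        fsa_role      vserver audit                     all
vs1        fsa_role      vserver cifs                      all
vs1        fsa_role      vserver export-policy             readonly
"""

def parse_role_show(text, vserver, role):
    """Return {cmddirname: access} for the rows of one vserver and role."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        # Data rows: vserver, role, command directory (may contain spaces), access.
        if len(parts) >= 4 and parts[:2] == [vserver, role] and parts[-1] in LEVELS:
            entries[" ".join(parts[2:-1])] = parts[-1]
    return entries

def audit_role(entries):
    """List deviations from REQUIRED: missing, wrong level, or extra grants."""
    findings = []
    for cmd, want in REQUIRED.items():
        have = entries.get(cmd)
        if have is None:
            findings.append(f"missing: {cmd} (expected {want})")
        elif have != want:
            findings.append(f"mismatch: {cmd} is {have}, expected {want}")
    for cmd, have in entries.items():
        if cmd not in REQUIRED and have != "none":
            findings.append(f"extra: {cmd} {have}")
    return findings

if __name__ == "__main__":
    for finding in audit_role(parse_role_show(SAMPLE, "vs1", "fsa_role")):
        print(finding)
```

An empty findings list means the role matches the capability list exactly; the `DEFAULT` entry with access `none` is not reported.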
