
Creating Role on NetApp Clustered Data ONTAP 8 or ONTAP 9 and Enabling AD User Access

NOTE: You must be a cluster administrator to run the commands below.

  1. Create a new role (e.g., fsa_role) on your SVM (e.g., vs1). For example:

    security login role create -role fsa_role -cmddirname version -access readonly -vserver vs1

  2. Add the following capabilities to the role:

    Capability                    Access level
    version                       readonly
    volume                        readonly
    vserver audit                 all
    vserver audit rotate-log      all
    vserver cifs                  readonly

    NOTE: The capabilities must be assigned one by one.

    To review currently applied capabilities, you can use the following command:

    security login role show -vserver vs1 -role fsa_role

  3. Create a login for the account that is going to authenticate and collect data from NetApp. If you want to use an AD account for collecting data, enable it to access the SVM through ONTAPI. For example:

    security login create -vserver vs1 -username Enterprise\Administrator -application ontapi -authmethod domain -role fsa_role

    where Enterprise\Administrator is your data collecting account.

  4. To add an event policy for NetApp, the role you set up for working with ONTAPI must have the following attributes:

    • version readonly
    • volume readonly
    • vserver audit all
    • vserver audit rotate-log all
    • vserver cifs readonly

    NOTE: This relates to NetApp 8.3.2 and later.
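
Added example, not part of the Netwrix documentation: a POSIX shell helper for an admin workstation that prints the per-capability `security login role create` commands for steps 1 and 2 and checks saved `security login role show` output against the required list. The function names `role_commands` and `check_role` are hypothetical, and the sample output is constructed with a simplified column layout.

```shell
#!/bin/sh
# Added example, not Netwrix or NetApp code. vs1 and fsa_role are the page's
# example names; the capability/access pairs are the ones listed on this page.
REQUIRED='version|readonly
volume|readonly
vserver audit|all
vserver audit rotate-log|all
vserver cifs|readonly'

# Print one "security login role create" command per capability (they must be
# assigned one by one). The first line is the command from step 1.
role_commands() {  # usage: role_commands VSERVER ROLE
    printf '%s\n' "$REQUIRED" | while IFS='|' read -r dir access; do
        printf 'security login role create -role %s -cmddirname "%s" -access %s -vserver %s\n' \
            "$2" "$dir" "$access" "$1"
    done
}

# Read saved "security login role show" output on stdin; report each required
# capability that is absent or has another access level. Returns 1 on any gap.
# Assumption: every entry is one line ending in "<directory> <access>".
check_role() {
    out=$(cat)
    rc=0
    while IFS='|' read -r dir access; do
        if ! printf '%s\n' "$out" |
            grep -Eq "[[:space:]]${dir}[[:space:]]+${access}[[:space:]]*\$"; then
            echo "NOT SET: ${dir} ${access}"
            rc=1
        fi
    done <<EOF
$REQUIRED
EOF
    return "$rc"
}

# Constructed sample output (simplified columns); "vserver audit" is wrong here.
SAMPLE='vs1 fsa_role DEFAULT none
vs1 fsa_role version readonly
vs1 fsa_role volume readonly
vs1 fsa_role vserver audit readonly
vs1 fsa_role vserver audit rotate-log all
vs1 fsa_role vserver cifs readonly'

role_commands vs1 fsa_role
printf '%s\n' "$SAMPLE" | check_role || echo "fsa_role does not match the required capabilities"
```

If the command from step 1 has already been run, skip the first generated line, since the `version` entry already exists.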
