Go Up
You are here: DeploymentConfigure Netwrix Auditor Service AccountsData Collecting AccountFor NetApp Auditing

For NetApp Auditing

Before you start creating a monitoring plan to audit your NetApp file storage system, plan for the account that will be used for data collection – it should meet the requirements listed below. Then you will provide this account in the monitoring plan wizard.

NOTE: If you want to authenticate with AD user account, you must enable it to access SVM through ONTAPI. See Creating Role on NetApp Clustered Data ONTAP 8 or ONTAP 9 and Enabling AD User Access for more information.

On the target server:

  1. The account must be a member of the local Administrators group.
  2. The account requires Read permissions (resultant set) on the audited shared folders.
  3. The account requires:
    • Read permissions (resultant set) on the audit logs folder and its contents
    • Delete permissions (resultant set) on the contents of this folder
  4. To connect to NetApp Data ONTAP 7 or Data ONTAP 8 in 7-mode, an account must have the following capabilities:
    • login-http-admin
    • api-vfiler-list-info

    • api-volume-get-root-name
    • api-system-cli
    • api-options-get
    • cli-cifs
  5. To connect to NetApp Clustered Data ONTAP 8 or ONTAP 9, an account must be assigned a custom role (e.g., fsa_role) on SVM that has the following capabilities with access query levels:
  • version
  • volume
  • vserver audit
  • vserver audit rotate-log
  • vserver cifs

readonly

readonly

all

all

readonly

See Creating Role on NetApp Clustered Data ONTAP 8 or ONTAP 9 and Enabling AD User Access

NOTE: You can also assign the built-in vsadmin role.

Go Up