Creating a Role on NetApp Clustered Data ONTAP 8 or ONTAP 9 and Enabling AD User Access

NOTE: You must be a cluster administrator to run the commands below.

  1. Create a new role (e.g., fsa_role) on your SVM (e.g., vs1). For example:

    security login role create -role fsa_role -cmddirname version -access readonly -vserver vs1

  2. Add the following capabilities to the role:

    Capability Related command (example)
    • version
    • volume
    • vserver audit
    • vserver audit rotate-log
    • vserver cifs

    NOTE: The capabilities must be assigned one by one.

    To review currently applied capabilities, you can use the following command:

    security login role show -vserver vs1 -role fsa_role

  3. Create a login for the account that is going to authenticate and collect data from NetApp. If you want to use an AD account for collecting data, enable it to access the SVM through ONTAPI. For example:

    security login create -vserver vs1 -user-or-group-name Enterprise\Administrator -application ontapi -authmethod domain -role fsa_role

    where Enterprise\Administrator is your data collecting account.

  4. To be able to add an event policy for NetApp, the role you set up for working with ONTAPI must have the following attributes:

    • version readonly
    • volume readonly
    • vserver audit all
    • vserver audit rotate-log all
    • vserver cifs readonly

    NOTE: This relates to NetApp 8.3.2 and later.
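
The following Python sketch is an added example, not part of the original guide or any NetApp tooling: it compares the entries of a role against the access levels listed in step 4 and reports missing, insufficient, excess and extra grants. The sample text is constructed, and its whitespace-separated column layout is an assumption; adapt parse_role to the actual output of security login role show on your cluster.

```python
# Access levels the role needs, taken from step 4 above.
REQUIRED = {
    "version": "readonly",
    "volume": "readonly",
    "vserver audit": "all",
    "vserver audit rotate-log": "all",
    "vserver cifs": "readonly",
}
RANK = {"none": 0, "readonly": 1, "all": 2}

# Constructed sample, NOT captured from a real cluster. Assumed layout per line:
# vserver, role, command directory (may contain spaces), access level.
SAMPLE = """\
vs1  fsa_role  version                   readonly
vs1  fsa_role  volume                    all
vs1  fsa_role  vserver audit             all
vs1  fsa_role  vserver audit rotate-log  all
vs1  fsa_role  security                  readonly
"""

def parse_role(text, vserver, role):
    """Return {command directory: access level} for one role on one vserver."""
    grants = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip headers, separators, other roles and lines without an access level.
        if len(fields) < 4 or fields[:2] != [vserver, role] or fields[-1] not in RANK:
            continue
        grants[" ".join(fields[2:-1])] = fields[-1]
    return grants

def audit(grants, required=REQUIRED):
    """Literal comparison with the required list; directory inheritance is not modelled."""
    findings = []
    for cmd, want in required.items():
        have = grants.get(cmd)
        if have is None:
            findings.append(("missing", cmd, want))
        elif RANK[have] < RANK[want]:
            findings.append(("insufficient", cmd, have))
        elif RANK[have] > RANK[want]:
            findings.append(("excess", cmd, have))
    for cmd, have in grants.items():
        if cmd not in required and have != "none":
            findings.append(("extra", cmd, have))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_role(SAMPLE, "vs1", "fsa_role")):
        print(*finding)
```

An empty result means the role matches step 4 exactly; any "excess" or "extra" finding marks access beyond what data collection needs.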