Before you start creating a monitoring plan to audit your NetApp file storage system, plan for the account that will be used for data collection – it should meet the requirements listed below.
NOTE: If you want to authenticate with AD user account, you must enable it to access SVM through ONTAPI. See Creating Role on NetApp Clustered Data ONTAP 8 or ONTAP 9 and Enabling AD User Access for more information.
On the target server:
- The account must be a member of the local Administrators group.
- The account requires Read NTFS permission on the audited shared folders.
- The account requires the following NTFS permissions:
- For NetApp 8.2.1 or later — Read permission on the audit logs folder and its content.
- For older NetApp versions:
- Read permission on the audit logs folder and its content.
- Delete permission on the audit log folder content.
- To connect to NetApp Data ONTAP 7 or Data ONTAP 8 in 7-mode, an account must have the following capabilities:
- To connect to NetApp Clustered Data ONTAP 8 or ONTAP 9, an account must be assigned a custom role (e.g., fsa_role) on SVM that has the following capabilities with access query levels:
NOTE: You can also assign the built-in vsadmin role.