Before you start creating a monitoring plan to audit Nutanix Files, plan for the accounts that will be used for data collection. They should meet the requirements listed below.
Account for Accessing Nutanix File Server
First, you need an account that Netwrix Auditor will use to access Nutanix File Server. This account requires at least Read permission for the target SMB shares on the Nutanix File Server.
NOTE: This is the account you will provide in the monitoring plan wizard at the Settings for Data Collection step; it can be modified in the General tab of the monitored item settings:
This account must have a role with sufficient privileges on that server: File Server Admin (recommended) or Backup Admin role.
Starting with version 9.96, you can use group Managed Service Accounts (gMSA) as data collecting accounts.
These group Managed Service Accounts should meet the related requirements.
Account for Accessing REST API
You will also need an account that will be used to connect to Nutanix File Server REST API.
This account should be provided in the Nutanix File Server REST API tab of the monitored item (Nutanix SMB shares) settings:
This account must be assigned the REST API access users role for Nutanix File Server you want to audit.
See the section below for the instructions on user role assignment.
Role Assignment Procedure
IMPORTANT! Before starting the role assignment, make sure your Nutanix File Server is included in the AD domain.
To assign the required roles to the corresponding accounts using Nutanix Prism
- Open Nutanix Prism web portal.
- Select File Server category. In the list of servers, select the server you want to audit.
- Click Manage roles.
- In the Manage roles dialog locate the Add admins section and click +New user.
- Enter the AD user account (to be used as data collection account) in the domain\name format and select the File Server Admin or Backup Admin role to assign
- Click Save next to these cells to save the settings.
- Next, in the REST API access users section click +New user.
- Enter the local user account and password, then click Save next to these cells to save the settings.
- When finished, click Close.