ONTAP RBAC features in SnapCenter Plug-in for VMware vSphere

ONTAP role-based access control (RBAC) enables you to control access to specific storage systems and the actions a user can perform on those storage systems. SnapCenter Plug-in for VMware vSphere works with vCenter Server RBAC, SnapCenter RBAC, and ONTAP RBAC to determine which SnapCenter tasks a specific user can perform on objects on a specific storage system.

SnapCenter uses the credentials that you set up (user name and password) to authenticate each storage system and determine which operations can be performed on that storage system. The Plug-in for VMware vSphere uses one set of credentials for each storage system. These credentials determine all tasks that can be performed on that storage system; in other words, the credentials are for SnapCenter, not an individual SnapCenter user.

ONTAP RBAC applies only to accessing storage systems and performing SnapCenter tasks related to storage, such as backing up VMs. If you do not have the appropriate ONTAP RBAC privileges for a specific storage system, you cannot perform any tasks on a vSphere object hosted on that storage system.

Each storage system has one set of ONTAP privileges associated with it.

Using both ONTAP RBAC and vCenter Server RBAC provides the following benefits: