Skip to main content
Eine neuere Version dieses Produkts ist erhältlich.
Die deutsche Sprachversion wurde als Serviceleistung für Sie durch maschinelle Übersetzung erstellt. Bei eventuellen Unstimmigkeiten hat die englische Sprachversion Vorrang.

Erstellen Sie SVM-Rollen mit minimalen Berechtigungen

Beitragende
PDFs

Beim Erstellen einer Rolle für einen neuen SVM-Benutzer in ONTAP müssen Sie verschiedene ONTAP-CLI-Befehle ausführen. Diese Rolle ist erforderlich, wenn Sie SVMs in ONTAP für die Verwendung mit SnapCenter konfigurieren und Sie nicht die vsadmin-Rolle verwenden möchten.

Schritte

  1. Erstellen Sie auf dem Speichersystem eine Rolle und weisen Sie der Rolle alle Berechtigungen zu.

    security login role create –vserver <svm_name\>- role <SVM_Role_Name\> -cmddirname <permission\>

    Hinweis Sie sollten diesen Befehl für jede Berechtigung wiederholen.

  2. Erstellen Sie einen Benutzer, und weisen Sie die Rolle diesem Benutzer zu.

    security login create -user <user_name\> -vserver <svm_name\> -application ontapi -authmethod password -role <SVM_Role_Name\>

  3. Entsperren Sie den Benutzer.

    security login unlock -user <user_name\> -vserver <svm_name\>

ONTAP CLI-Befehle zum Erstellen von SVM-Rollen und Zuweisen von Berechtigungen

Es gibt verschiedene ONTAP CLI Befehle, die Sie ausführen sollten, um SVM-Rollen zu erstellen und Berechtigungen zuzuweisen.

  • security login role create -role SVM_Role_Name -cmddirname "snapmirror list-destinations" -vserver SVM_Name -access all

  • security login role create -role SVM_Role_Name -cmddirname "event generate-autosupport-log" -vserver SVM_Name -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "job history show" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "job stop" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "lun" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup add" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup rename" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping add-reporting-nodes" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "lun mapping create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping remove-reporting-nodes" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun modify" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun move-in-volume" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun offline" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun online" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun resize" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun serial" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun show" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "network interface" -access readonly

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy add-rule" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy modify-rule" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy remove-rule" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror restore" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror update" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror update-ls-set" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "version" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone split start" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone split stop" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume destroy" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume file clone create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume file show-disk-usage" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume modify" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume offline" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume online" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree modify" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume restrict" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot modify" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot rename" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot restore" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot restore-file" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume unmount" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs share create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs share delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs share show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy rule create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy rule show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy show" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "vserver iscsi connection show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver" -access readonly

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver iscsi" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "volume clone split status" -access all