Skip to main content
È disponibile una versione più recente di questo prodotto.
La versione in lingua italiana fornita proviene da una traduzione automatica. Per eventuali incoerenze, fare riferimento alla versione in lingua inglese.

Creare ruoli SVM con privilegi minimi

Collaboratori

Quando si crea un ruolo per un nuovo utente SVM in ONTAP, è necessario eseguire diversi comandi dell'interfaccia utente di ONTAP. Questo ruolo è necessario se si configurano le SVM in ONTAP per l'utilizzo con SnapCenter e non si desidera utilizzare il ruolo vsadmin.

Fasi

  1. Nel sistema di storage, creare un ruolo e assegnare tutte le autorizzazioni al ruolo.

    security login role create –vserver <svm_name\>- role <SVM_Role_Name\> -cmddirname <permission\>

    Nota Ripetere questo comando per ogni autorizzazione.
  2. Creare un utente e assegnarne il ruolo.

    security login create -user <user_name\> -vserver <svm_name\> -application ontapi -authmethod password -role <SVM_Role_Name\>

  3. Liberare l'utente.

    security login unlock -user <user_name\> -vserver <svm_name\>

Comandi dell'interfaccia utente di ONTAP per la creazione di ruoli SVM e l'assegnazione delle autorizzazioni

Esistono diversi comandi dell'interfaccia utente di ONTAP da eseguire per creare ruoli SVM e assegnare autorizzazioni.

  • security login role create -role SVM_Role_Name -cmddirname "snapmirror list-destinations" -vserver SVM_Name -access all

  • security login role create -role SVM_Role_Name -cmddirname "event generate-autosupport-log" -vserver SVM_Name -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "job history show" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "job stop" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "lun" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup add" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup rename" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping add-reporting-nodes" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "lun mapping create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping remove-reporting-nodes" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun modify" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun move-in-volume" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun offline" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun online" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun resize" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun serial" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun show" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "network interface" -access readonly

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy add-rule" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy modify-rule" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy remove-rule" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror restore" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror show" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "snapmirror show-history" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror update" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror update-ls-set" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "version" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone split start" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone split stop" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume destroy" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume file clone create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume file show-disk-usage" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume modify" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume offline" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume online" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree modify" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume restrict" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot modify" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot rename" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot restore" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot restore-file" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume unmount" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs share create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs share delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs share show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy delete" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy rule create" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy rule show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy show" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "vserver iscsi connection show" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver" -access readonly

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver iscsi" -access all

  • security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "volume clone split status" -access all

  • security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname “volume managed-feature” -access all