If you are using SnapCenter Plug-in for VMware vSphere, the vCenter Server provides an additional level of RBAC. SnapCenter Plug-in for VMware vSphere supports both vCenter Server RBAC and ONTAP RBAC.
This security mechanism restricts the ability of vSphere users to perform SnapCenter Plug-in for VMware vSphere tasks on vSphere objects, such as virtual machines (VMs) and datastores. The Plug-in for VMware vSphere installation creates roles for SnapCenter operations on vCenter: SCV Administrator, SCV Backup, SCV Guest File Restore, SCV Restore, and SCV View.
The vSphere administrator sets up vCenter Server RBAC by doing the following:
This security mechanism restricts the ability of SnapCenter to perform specific storage operations, such as backing up storage for datastores, on a specific storage system.
ONTAP and SnapCenter RBAC is set up in the following workflow:
The following diagram provides an overview of the Plug-in for VMware vSphere validation workflow for RBAC privileges (both vCenter and ONTAP):