Skip to main content
SANtricity commands

Set storage array directory server role mapping

Contributors netapp-driley

The set storageArray directoryServer roles command allows you to define role mappings for a specified directory server. These role mappings are used to authenticate users that attempt to execute various SMcli commands.

Supported Arrays

This command applies to an individual E4000, E2800, E5700, EF600 or EF300 storage array. It does not operate on E2700 or E5600 storage arrays.

Roles

To execute this command on an E4000, E2800, E5700, EF600, or EF300 storage array, you must have the Security Admin role.

What you'll need

The following roles are available to be mapped:

  • Storage admin — Full read/write access to the storage objects (for example, volumes and disk pools), but no access to the security configuration.

  • Security admin — Access to the security configuration in Access Management, certificate management, audit log management, and the ability to turn the legacy management interface (SYMbol) on or off.

  • Support admin — Access to all hardware resources on the storage array, failure data, MEL events, and controller firmware upgrades. No access to storage objects or the security configuration.

  • Monitor — Read-only access to all storage objects, but no access to the security configuration.

Syntax

set storageArray directoryServer ["domainId"]
    groupDN="groupDistinguishedName" roles=("role1"..."roleN")

Parameters

Parameter Description

directoryServer

Allows you to specify the domain by its ID for which you want to set up role mappings.

groupDN

Allows you to specify the group's distinguished name (DN) to be added to the mapping list.

roles

Allows you to specify one or more roles for the user(s) in the defined group. If you enter more than one role, separate the values with a space. Valid choices are:

  • storage.monitor

  • storage.admin

  • security.admin

  • support.admin

Examples

SMcli -n Array1 -c "set storageArray directoryServer ["domain1"]
                    groupDN="CN=ng-hsg-bc-madridsecurity,OU=Managed,
                    OU=MyCompanyGroups,DC=hq,DC=mycompany,DC=com"
                    roles=("storage.monitor" "security.admin" "storage.admin");"

SMcli -n Array1 -c "set storageArray directoryServer ["domain1"]
                    groupDN="CN=ng-epg-engr-manageability,OU=Managed,
                    OU=MyCompanyGroups,DC=hq,DC=mycompany,DC=com"
                    roles=("support.admin");"

SMcli completed successfully.