Configure user roles and privileges
You can configure new user roles for managing storage systems using the JSON file provided with ONTAP tools for VMware vSphere and ONTAP System Manager.
What you'll need
-
You should have downloaded the ONTAP Privileges file from ONTAP tools following these steps:
-
Navigate to
https://{virtual_appliance_IP}:9083/vsc/config/
-
Download the file VSC_ONTAP_User_Privileges.zip
-
Extract the downloaded VSC_ONTAP_User_Privileges.zip file
-
Access System Manager
See KB article - Virtual Storage Console: How to retrieve the JSON file to configure user roles and privileges for instructions on how to download the ONTAP Privileges file from Web-CLI.
-
-
You should have configured ONTAP 9.8P1 or later storage.
-
You should have logged in with administrator privileges for the storage system.
Steps
-
Unzip the downloaded
https://{virtual_appliance_IP}:9083/vsc/config/VSC_ONTAP_User_Privileges.zip
file. -
Access ONTAP System Manager.
-
Click CLUSTER > Settings > Users and Roles.
-
Click Add User.
-
In the Add User dialog box, select Virtualization products.
-
Click Browse to select and upload the ONTAP Privileges JSON file.
The PRODUCT field is auto populated.
-
Select the required capability from the PRODUCT CAPABILITY drop-down menu.
The ROLE field is auto populated based on the product capability selected.
-
Enter the required username and password.
-
Select the privileges (Discovery, Create Storage, Modify Storage, Destroy Storage) required for the user, and then click Add.
The new role and user is added and you can see the detailed privileges under the role that you have configured.
The uninstall operation does not remove ONTAP tools roles but removes the localized names for the ONTAP tools-specific privileges and appends the prefix to “XXX missing privilege” them. This behavior happens because the vCenter Server does not provide an option to remove privileges. When you reinstall ONTAP tools or upgrade to a newer version of ONTAP tools, all of the standard ONTAP tools roles and ONTAP tools-specific privileges are restored. |