Create login accounts overview
You can enable local or remote cluster and SVM administrator accounts. A local account is one in which the account information, public key, or security certificate resides on the storage system. AD account information is stored on a domain controller. LDAP and NIS accounts reside on LDAP and NIS servers.
Cluster and SVM administrators
A cluster administrator accesses the admin SVM for the cluster. The admin SVM and a cluster administrator with the reserved name admin are automatically created when the cluster is set up.
A cluster administrator with the default admin role can administer the entire cluster and its resources. The cluster administrator can create additional cluster administrators with different roles as needed.
An SVM administrator accesses a data SVM. The cluster administrator creates data SVMs and SVM administrators as needed.
SVM administrators are assigned the vsadmin role by default. The cluster administrator can assign different roles to SVM administrators as needed.
The following generic names cannot be used for remote cluster and SVM administrator accounts: "adm", "bin", "cli", "daemon", "ftp", "games", "halt", "lp", "mail", "man", "naroot", "netapp", "news", "nobody", "operator", "root", "shutdown", "sshd", "sync", "sys", "uucp", and "www".
If you enable multiple remote accounts for the same user, the user is assigned the union of all roles specified for the accounts. That is, if an LDAP or NIS account is assigned the vsadmin role, and the AD group account for the same user is assigned the vsadmin-volume role, the AD user logs in with the more inclusive vsadmin capabilities. The roles are said to be merged.
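A pre-change review of planned remote accounts can catch both rules above: names from the reserved list, and users who would receive merged roles through more than one account. The following is an added example, not NetApp code. It assumes all entries target one SVM; the entry layout, the group membership map, and the user and group names are constructed for illustration.

```python
# Names the page lists as unusable for remote cluster and SVM administrator accounts.
RESERVED = frozenset({
    "adm", "bin", "cli", "daemon", "ftp", "games", "halt", "lp", "mail", "man",
    "naroot", "netapp", "news", "nobody", "operator", "root", "shutdown",
    "sshd", "sync", "sys", "uucp", "www",
})

# Constructed sample plan (not from a real system):
# (account name, kind, directory source, role), all for the same SVM.
SAMPLE_ENTRIES = [
    ("jsmith", "user", "LDAP", "vsadmin"),
    ("storage-ops", "group", "AD", "vsadmin-volume"),
    ("operator", "user", "LDAP", "vsadmin"),
    ("akhan", "user", "AD", "vsadmin-volume"),
]
# Hypothetical AD group membership, as it would be read from the directory.
SAMPLE_GROUPS = {"storage-ops": ["jsmith", "mlee"]}


def audit(entries, group_members):
    """Return (rejected_names, merged) for a list of planned remote accounts.

    merged maps each user who is reachable through several accounts with
    different roles to (sorted roles, sorted contributing accounts).
    """
    rejected, grants = [], {}
    for name, kind, source, role in entries:
        if name in RESERVED:
            rejected.append(name)  # cannot be used as a remote account name
            continue
        # A group account applies to every member; a user account to itself.
        users = group_members.get(name, []) if kind == "group" else [name]
        for user in users:
            grants.setdefault(user, {})[f"{source}:{name}"] = role
    merged = {}
    for user, by_account in grants.items():
        roles = sorted(set(by_account.values()))
        if len(roles) > 1:  # the user logs in with the union of these roles
            merged[user] = (roles, sorted(by_account))
    return rejected, merged


if __name__ == "__main__":
    rejected, merged = audit(SAMPLE_ENTRIES, SAMPLE_GROUPS)
    print("reserved names in plan:", rejected)
    for user, (roles, accounts) in merged.items():
        print(f"{user}: merged roles {roles} via {accounts}")
```

Any user reported as merged should be checked against the intended least-privilege role, since the narrower assignment has no limiting effect.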