Dynamic authorization overview
Suggest changes
PDFs
Beginning with ONTAP 9.15.1, administrators can configure and enable dynamic authorization to increase security of remote access to ONTAP while also mitigating potential damage that could be caused by a malicious actor. With ONTAP 9.15.1, dynamic authorization provides an initial framework for assigning a security score to users and, if their activity looks suspicious, challenging them with additional authorization checks or denying an operation completely. Administrators can create rules, assign trust scores, and restrict commands to determine when certain activity is allowed or denied for a user. Administrators can enable dynamic authorization cluster-wide or for individual storage VMs.
How dynamic authorization works
Dynamic authorization uses a trust scoring system to assign users a different level of trust depending on the authorization policies. Based on the user's trust level, an activity they perform can be allowed or denied, or the user can be prompted for further authentication.
Refer to Customize dynamic authorization to learn more about how to configure criteria score weights and other dynamic authorization attributes.
Trusted devices
When dynamic authorization is in use, the definition of a trusted device is a device used by a user to log in to ONTAP using public key authentication as one of the authentication methods. The device is trusted because only that user has possession of the corresponding private key.
Dynamic authorization example
Take the example of three different users attempting to delete a volume. When they try to perform the operation, the risk rating for each user is examined:
-
The first user logs in from a trusted device with very few previous authentication failures, which makes her risk rating low; the operation is allowed without additional authentication.
-
The second user logs in from a trusted device with a moderate percentage of previous authentication failures, which makes the risk rating moderate; she is prompted for additional authentication before the operation is allowed.
-
The third user logs in from an untrusted device with a high percentage of previous authentication failures, which makes the risk rating high; the operation is not allowed.