Skip to main content

Predefined roles for cluster administrators

Contributors netapp-ahibbard netapp-aherbin netapp-lenida netapp-thomi

The predefined roles for cluster administrators should meet most of your needs. You can create custom roles as necessary. By default, a cluster administrator is assigned the predefined admin role.

The following table lists the predefined roles for cluster administrators:

This role…​

Has this level of access…​

To the following commands or command directories

admin

all

All command directories (DEFAULT)

admin-no-fsa (available beginning in ONTAP 9.12.1)

Read/Write

  • All command directories (DEFAULT)

  • security login rest-role

  • security login role

Read only

  • security login rest-role create

  • security login rest-role delete

  • security login rest-role modify

  • security login rest-role show

  • security login role create

  • security login role create

  • security login role delete

  • security login role modify

  • security login role show

  • volume activity-tracking

  • volume analytics

None

volume file show-disk-usage

autosupport

all

  • set

  • system node autosupport

none

All other command directories (DEFAULT)

backup

all

vserver services ndmp

readonly

volume

none

All other command directories (DEFAULT)

readonly

all

  • security login password

    For managing own user account local password and key information only

  • set

none

security

readonly

All other command directories (DEFAULT)

snaplock

all

  • set

  • volume create

  • volume modify

  • volume move

  • volume show

none

  • volume move governor

  • volume move recommend

none

All other command directories (DEFAULT)

none

none

All command directories (DEFAULT)

Note The autosupport role is assigned to the predefined autosupport account, which is used by AutoSupport OnDemand. ONTAP prevents you from modifying or deleting the autosupport account. ONTAP also prevents you from assigning the autosupport role to other user accounts.