ONTAP administrator authentication and RBAC workflow summary
You can enable authentication for local administrator accounts or remote administrator accounts. The account information for a local account resides on the storage system and the account information for a remote account resides elsewhere. Each account can have a predefined role or a custom role.

Before creating login accounts and setting up role-based access control (RBAC), you should gather information for each item in the configuration worksheets.

- If remote: Determine the type of remote access. Depending on the access type, enable Active Directory access, enable LDAP or NIS access, or configure SAML authentication (only for admin SVM).

The role assigned to an administrator determines the commands to which the administrator has access. The role is assigned when you create the administrator account and can be modified later. You can use predefined roles for cluster and SVM administrators, or define custom roles as needed.

Depending on how you have enabled account access, you may need to associate a public key with a local account, manage public keys and X.509 certificates, configure Cisco Duo 2FA for SSH logins, install a CA-signed server digital certificate, or configure Active Directory, LDAP, or NIS access. You can perform all of these tasks before or after enabling account access.

- Manage multi-admin verification if you want to ensure that certain operations require approval from designated administrators.
- Manage dynamic authorization if you want to dynamically apply additional authorization checks based on a user's trust level.