Administrator authentication and RBAC
Administrators use local or remote login accounts to authenticate themselves to the cluster and SVM. Role-Based Access Control (RBAC) determines the commands to which an administrator has access.
You can create local or remote cluster and SVM administrator accounts:
A local account is one in which the account information, public key, or security certificate resides on the storage system.
A remote account is one in which account information is stored on an Active Directory domain controller, an LDAP server, or a NIS server.
Except for DNS, ONTAP uses the same name services to authenticate administrator accounts as it uses to authenticate clients.
The role assigned to an administrator determines the commands to which the administrator has access. You assign the role when you create the account for the administrator. You can assign a different role or define custom roles as needed.