Release notes
Multi-admin verification
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.11.1, you can use multi-admin verification (MAV) to allow certain operations, such as deleting volumes or Snapshot copies, to be executed only after approvals from designated administrators. This prevents compromised, malicious, or inexperienced administrators from making undesirable changes or deleting data.
Configuring MAV consists of the following:
After initial configuration, only administrators in a MAV approval group (MAV administrators) can modify these elements.
When MAV is enabled, the completion of every protected operation requires three steps:
-
When a user initiates the operation, a request is generated.
-
Before it can be executed, the required number of MAV administrators must approve.
-
After approval, the user completes the operation.
MAV is not intended for use with volumes or workflows that involve heavy automation because each automated task requires approval before the operation can be completed. If you want to use automation and MAV together, NetApp recommends that you use queries for specific MAV operations. For example, you can apply volume delete MAV rules only to volumes where automation is not involved, and you can designate those volumes with a particular naming scheme.
For more detailed information about MAV, see the ONTAP multi-admin verification documentation.