Add privileges to local or domain users or groups
You can manage user rights for local or domain users or groups by adding privileges. The added privileges override the default privileges assigned to any of these objects. This provides enhanced security by allowing you to customize what privileges a user or group has.
The local or domain user or group to which privileges will be added must already exist.
Adding a privilege to an object overrides the default privileges for that user or group. Adding a privilege does not remove previously added privileges.
You must keep the following in mind when adding privileges to local or domain users or groups:
-
You can add one or more privileges.
-
When adding privileges to a domain user or group, ONTAP might validate the domain user or group by contacting the domain controller.
The command might fail if ONTAP is unable to contact the domain controller.
-
Add one or more privileges to a local or domain user or group:
vserver cifs users-and-groups privilege add-privilege -vserver _vserver_name_ -user-or-group-name name -privileges _privilege_[,...]
-
Verify that the desired privileges are applied to the object:
vserver cifs users-and-groups privilege show -vserver vserver_name ‑user-or-group-name name
The following example adds the privileges “SeTcbPrivilege” and “SeTakeOwnershipPrivilege” to the user “CIFS_SERVER\sue” on storage virtual machine (SVM, formerly known as Vserver) vs1:
cluster1::> vserver cifs users-and-groups privilege add-privilege -vserver vs1 -user-or-group-name CIFS_SERVER\sue -privileges SeTcbPrivilege,SeTakeOwnershipPrivilege cluster1::> vserver cifs users-and-groups privilege show -vserver vs1 Vserver User or Group Name Privileges --------- --------------------- --------------- vs1 CIFS_SERVER\sue SeTcbPrivilege SeTakeOwnershipPrivilege