Skip to main content

Manage local group membership

Contributors netapp-ahibbard netapp-thomi netapp-aherbin

You can manage local group membership by adding and removing local or domain users, or adding and removing domain groups. This is useful if you want to control access to data based on access controls placed on the group or if you want users to have privileges associated with that group.

About this task

Guidelines for adding members to a local group:

  • You cannot add users to the special Everyone group.

  • The local group must exist before you can add a user to it.

  • The user must exist before you can add the user to a local group.

  • You cannot add a local group to another local group.

  • To add a domain user or group to a local group, Data ONTAP must be able to resolve the name to a SID.

Guidelines for removing members from a local group:

  • You cannot remove members from the special Everyone group.

  • The group from which you want to remove a member must exist.

  • ONTAP must be able to resolve the names of members that you want to remove from the group to a corresponding SID.

Step
  1. Add or remove a member in a group.

    If you want to…​ Then use the command…​

    Add a member to a group

    vserver cifs users-and-groups local-group add-members -vserver _vserver_name_ -group-name _group_name_ -member-names name[,...] You can specify a comma-delimited list of local users, domain users, or domain groups to add to the specified local group.

    Remove a member from a group

    vserver cifs users-and-groups local-group remove-members -vserver _vserver_name_ -group-name _group_name_ -member-names name[,...] You can specify a comma-delimited list of local users, domain users, or domain groups to remove from the specified local group.

    The following example adds a local user “SMB_SERVER\sue” and a domain group “AD_DOM\dom_eng” to the local group “SMB_SERVER\engineering” on SVM vs1:

    cluster1::> vserver cifs users-and-groups local-group add-members -vserver vs1 -group-name SMB_SERVER\engineering -member-names SMB_SERVER\sue,AD_DOMAIN\dom_eng

    The following example removes the local users “SMB_SERVER\sue” and “SMB_SERVER\james” from the local group “SMB_SERVER\engineering” on SVM vs1:

    cluster1::> vserver cifs users-and-groups local-group remove-members -vserver vs1 -group-name SMB_SERVER\engineering -member-names SMB_SERVER\sue,SMB_SERVER\james