Manage local group membership
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- SAN storage management
- Security and data encryption
-
Data protection and disaster recovery
- Data protection with the CLI
Collection of separate PDF docs
Creating your file...
You can manage local group membership by adding and removing local or domain users, or adding and removing domain groups. This is useful if you want to control access to data based on access controls placed on the group, or if you want users to have privileges associated with that group.
If you no longer want a local user, domain user, or domain group to have access rights or privileges based on membership in a group, you can remove the member from the group.
You must keep the following in mind when adding members to a local group:
-
You cannot add users to the special Everyone group.
-
You cannot add a local group to another local group.
-
To add a domain user or group to a local group, ONTAP must be able to resolve the name to a SID.
You must keep the following in mind when removing members from a local group:
-
You cannot remove members from the special Everyone group.
-
To remove a member from a local group, ONTAP must be able to resolve their name to a SID.
-
Add a member to or remove a member from a group.
-
Add a member:
vserver cifs users-and-groups local-group add-members ‑vserver vserver_name -group-name group_name ‑member-names name[,...]
You can specify a comma-delimited list of local users, domain users, or domain groups to add to the specified local group.
-
Remove a member:
vserver cifs users-and-groups local-group remove-members -vserver vserver_name -group-name group_name ‑member-names name[,...]
You can specify a comma-delimited list of local users, domain users, or domain groups to remove from the specified local group.
-
The following example adds a local user “SMB_SERVER01\sue” to the local group “SMB_SERVER01\engineering” on SVM vs1.example.com:
cluster1::> vserver cifs users-and-groups local-group add-members -vserver vs1.example.com -group-name SMB_SERVER01\engineering -member-names SMB_SERVER01\sue
The following example removes the local users “SMB_SERVER01\sue” and “SMB_SERVER01\james” from the local group “SMB_SERVER01\engineering” on SVM vs1.example.com:
cluster1::> vserver cifs users-and-groups local-group remove-members -vserver vs1.example.com -group-name SMB_SERVER\engineering -member-names SMB_SERVER\sue,SMB_SERVER\james