Skip to main content

Manage local group membership

Contributors netapp-aherbin

You can manage local group membership by adding and removing local or domain users, or adding and removing domain groups. This is useful if you want to control access to data based on access controls placed on the group, or if you want users to have privileges associated with that group.

About this task

If you no longer want a local user, domain user, or domain group to have access rights or privileges based on membership in a group, you can remove the member from the group.

You must keep the following in mind when adding members to a local group:

  • You cannot add users to the special Everyone group.

  • You cannot add a local group to another local group.

  • To add a domain user or group to a local group, ONTAP must be able to resolve the name to a SID.

You must keep the following in mind when removing members from a local group:

  • You cannot remove members from the special Everyone group.

  • To remove a member from a local group, ONTAP must be able to resolve their name to a SID.

Steps
  1. Add a member to or remove a member from a group.

    • Add a member: vserver cifs users-and-groups local-group add-members ‑vserver vserver_name -group-name group_name ‑member-names name[,...]

      You can specify a comma-delimited list of local users, domain users, or domain groups to add to the specified local group.

    • Remove a member: vserver cifs users-and-groups local-group remove-members -vserver vserver_name -group-name group_name ‑member-names name[,...]

      You can specify a comma-delimited list of local users, domain users, or domain groups to remove from the specified local group.

Examples

The following example adds a local user “SMB_SERVER01\sue” to the local group “SMB_SERVER01\engineering” on SVM vs1.example.com:

cluster1::> vserver cifs users-and-groups local-group add-members -vserver vs1.example.com -group-name SMB_SERVER01\engineering -member-names SMB_SERVER01\sue

The following example removes the local users “SMB_SERVER01\sue” and “SMB_SERVER01\james” from the local group “SMB_SERVER01\engineering” on SVM vs1.example.com:

cluster1::> vserver cifs users-and-groups local-group remove-members -vserver vs1.example.com -group-name SMB_SERVER\engineering -member-names SMB_SERVER\sue,SMB_SERVER\james