Accounts that can access the SP
Suggest changes
PDFs
When you try to access the SP, you are prompted for credential. Cluster user accounts that are created with the service-processor application type have access to the SP CLI on any node of the cluster. SP user accounts are managed from ONTAP and authenticated by password. Beginning with ONTAP 9.9.1, SP user accounts must have the admin role.
User accounts for accessing the SP are managed from ONTAP instead of the SP CLI. A cluster user account can access the SP if it is created with the -application parameter of the security login create command set to service-processor and the -authmethod parameter set to password. The SP supports only password authentication.
You must specify the -role parameter when creating an SP user account.
-
In ONTAP 9.9.1 and later releases, you must specify
adminfor the-roleparameter, and any modifications to an account require theadminrole. Other roles are no longer permitted for security reasons.-
If you are upgrading to ONTAP 9.9.1 or later releases, see Change in user accounts that can access the Service Processor.
-
If you are reverting to ONTAP 9.8 or earlier releases, see Verify user accounts that can access the Service Processor.
-
-
In ONTAP 9.8 and earlier releases, any role can access the SP, but
adminis recommended.
By default, the cluster user account named “admin” includes the service-processor application type and has access to the SP.
ONTAP prevents you from creating user accounts with names that are reserved for the system (such as “root” and “naroot”). You cannot use a system-reserved name to access the cluster or the SP.
You can display current SP user accounts by using the -application service-processor parameter of the security login show command.