SnapDrive commands and capabilities

Contributors netapp-ivanad Download PDF of this page

In role-based access control (RBAC), a specific capability is required for each operation to be successful. A user must have the correct set of capabilities assigned to carry out storage operations.

The following table lists the commands and the corresponding capabilities required:

Command Capability

storage show

SD.Storage.Read on volume

storage list

SD.Storage.Read on volume

storage create

  • For LUNs inside volumes: SD.Storage.Write on Volume

  • For LUNs inside qtrees: SD.Storage.Write on qtree

storage resize

SD.Storage.Write on LUN

storage delete

SD.Storage.Delete on LUN

snap show

SD.SnapShot.Read on volume

snap list

SD.SnapShot.Read on volume

snap delete

SD.Storage.Delete on volume

snap rename

SD.Storage.Write on volume

snap connect

  • For LUN clones in volume: SD.SnapShot.Clone on volume

  • For LUN clones in qtree: SD.SnapShot.Clone on qtree

  • For traditional volume clones: SD.SnapShot.Clone on storage system

  • For FlexClone volume: SD.SnapShot.Clone on the parent volume

  • For unrestricted Flexclone volumes: SD.SnapShot.UnrestrictedClone on the parent volume

snap connect-split

  • For LUN clones (LUN cloned and split in volume): SD.SnapShot.Clone on volume and SD.Storage.Write on volume

  • For LUN clones (LUN cloned and split in qtree): SD.SnapShot.Clone on qtree and SD.Storage.Write on qtree

  • For traditional volume clones which are split: SD.SnapShot.Clone on storage system and SD.Storage.Write on storage system

  • For Flex volume clones which are split: SD.SnapShot.Clone on the parent volume.

clone split start

  • For LUN clones where the LUN resides in volume or qtree: SD.SnapShot.Clone containing volume or qtree

  • For volume clones: SD.SnapShot.Clone on the parent volume

snap disconnect

  • For LUN clones where the LUN resides in volume or qtree: SD.SnapShot.Clone containing volume or qtree

  • For volume clones: SD.SnapShot.Clone on the parent volume

  • For deletion of unrestricted volume clones: SD.SnapShot.DestroyUnrestrictedClone on the volume

snap disconnect-split

  • For LUN clones where the LUN resides in volume or qtree: SD.SnapShot.Clone on the containing volume or qtree

  • For volume clones: SD.Storage.Delete on the parent volume

  • For deletion of unrestricted volume clones: SD.SnapShot.DestroyUnrestrictedClone on the volume

snap restore

  • For LUNs that exist in a volume: SD.SnapShot.Restore on volume and SD.Storage.Write on LUN

  • For LUNs which exists in a qtree: SD.SnapShot.Restore on qtree and SD.Storage.Write on LUN

  • For LUNs which are not in the volumes: SD.SnapShot.Restore on volume and SD.Storage.Write on volume

  • For LUNs which are not in qtree: SD.SnapShot.Restore on qtree and SD.Storage.Write on qtree

  • For volumes: SD.SnapShot.Restore on storage system for traditional volumes, or SD.SnapShot.Restore on aggregate for flexible volumes

  • For single-file snap restore in volumes: SD.SnapShot.Restore on the volume

  • For single-file snap restore in qtree: SD.SnapShot.Restore qtree

  • For overriding baseline Snapshot copies: SD.SnapShot.DisruptBaseline on the volume

host connect, host disconnect

SD.Config.Write on the LUN

config access

SD.Config.Read on the storage system

config prepare

SD.Config.Write on at least one storage system

config check

SD.Config.Read on at least one storage system

config show

SD.Config.Read on at least one storage system

config set

SD.Config.Write on storage system

config set -dfm, config set -mgmtpath,

SD.Config.Write on at least one storage system

config delete

SD.Config.Delete on storage system

config delete dfm_appliance, config delete -mgmtpath

SD.Config.Delete on at least one storage system

config list

SD.Config.Read on at least one storage system

config migrate set

SD.Config.Write on at least one storage system

config migrate delete

SD.Config.Delete on at least one storage system

config migrate list

SD.Config.Read on at least one storage system

Note SnapDrive for UNIX does not check any capability for administrator (root).