Configuration variables for role-based access control

Contributors netapp-ivanad akseldavis Download PDF of this page

You must set the various configuration variables related to role-based access control in the snapdrive.conf file.

Variable Description

contact-http-dfm-port = 8088

Specifies the HTTP port to use for communicating with an Operations Manager console server. The default value is 8088.

contact-ssl-dfm-port = 8488

Specifies the SSL port to use for communicating with an Operations Manager console server. The default value is 8488.

rbac-method=dfm

Specifies the access control methods. The possible values are native and dfm.

If the value is native, the access control file stored in /vol/vol0/sdprbac/sdhost-name.prbac is used for access checks.

If the value is set to dfm, Operations Manager console is a prerequisite. In such a case, SnapDrive for UNIX sends access checks to the Operations Manager console.

rbac-cache=on

SnapDrive for UNIX maintains a cache of access check queries and the corresponding results. SnapDrive for UNIX uses this cache only when all the configured Operations Manager console servers are down.

You can set this value to either on to enable cache, or to off to disable it. The default value is off so that you can configure SnapDrive for UNIX to use Operations Manager console and set the rbac-method configuration variable to dfm.

rbac-cache-timeout

Specifies the rbac cache timeout period and is applicable only when the rbac-cache is enabled. The default value is 24 hrs.

SnapDrive for UNIX uses this cache only when all the configured Operations Manager console servers are down.

use-https-to-dfm=on

This variable lets you set SnapDrive for UNIX to use SSL encryption (HTTPS) when it communicates with Operations Manager console. The default value is on.