Setting role-based access control capabilities and roles

Contributors: akseldavis

After you enable role-based access control (RBAC) for SnapManager using SnapDrive, you can add RBAC capabilities and users to roles to perform SnapManager operations.

You must create a group in the Data Fabric Manager server and add the group to both primary and secondary storage systems. Run the following commands:

  • dfm group create smo_grp

  • dfm group add smo_grp primary_storage_system

  • dfm group add smo_grp secondary_storage_system

You can use either the Operations Manager web interface or the Data Fabric Manager server command-line interface (CLI) to modify RBAC capabilities and roles.

The table lists the RBAC capabilities required to perform SnapManager operations:

| SnapManager operations | RBAC capabilities required when data protection is not enabled | RBAC capabilities required when data protection is enabled |
| --- | --- | --- |
| Profile create or profile update | SD.Storage.Read (smo_grp) | SD.Storage.Read (SMO_profile dataset) |
| Profile protection | DFM.Database.Write (smo_grp), SD.Storage.Read (smo_grp), SD.Config.Read (smo_grp), SD.Config.Write (smo_grp), SD.Config.Delete (smo_grp), GlobalDataProtection | None |
| Backup create | SD.Storage.Read (smo_grp), SD.Snapshot.Write (smo_grp), SD.Snapshot.Read (smo_grp), SD.Snapshot.Delete (smo_grp) | SD.Storage.Read (SMO_profile dataset), SD.Snapshot.Write (SMO_profile dataset), SD.Snapshot.Read (SMO_profile dataset), SD.Snapshot.Delete (SMO_profile dataset) |
| Backup create (with DBverify) | SD.Storage.Read (smo_grp), SD.Snapshot.Write (smo_grp), SD.Snapshot.Read (smo_grp), SD.Snapshot.Delete (smo_grp), SD.SnapShot.Clone (smo_grp) | SD.Storage.Read (SMO_profile dataset), SD.Snapshot.Write (SMO_profile dataset), SD.Snapshot.Read (SMO_profile dataset), SD.Snapshot.Delete (SMO_profile dataset), SD.SnapShot.Clone (SMO_profile dataset) |
| Backup create (with RMAN) | SD.Storage.Read (smo_grp), SD.Snapshot.Write (smo_grp), SD.Snapshot.Read (smo_grp), SD.Snapshot.Delete (smo_grp), SD.SnapShot.Clone (smo_grp) | SD.Storage.Read (SMO_profile dataset), SD.Snapshot.Write (SMO_profile dataset), SD.Snapshot.Read (SMO_profile dataset), SD.Snapshot.Delete (SMO_profile dataset), SD.SnapShot.Clone (SMO_profile dataset) |
| Backup restore | SD.Storage.Read (smo_grp), SD.Snapshot.Write (smo_grp), SD.Snapshot.Read (smo_grp), SD.Snapshot.Delete (smo_grp), SD.SnapShot.Clone (smo_grp), SD.Snapshot.Restore (smo_grp) | SD.Storage.Read (SMO_profile dataset), SD.Snapshot.Write (SMO_profile dataset), SD.Snapshot.Read (SMO_profile dataset), SD.Snapshot.Delete (SMO_profile dataset), SD.SnapShot.Clone (SMO_profile dataset), SD.Snapshot.Restore (SMO_profile dataset) |
| Backup delete | SD.Snapshot.Delete (smo_grp) | SD.Snapshot.Delete (SMO_profile dataset) |
| Backup verify | SD.Storage.Read (smo_grp), SD.Snapshot.Read (smo_grp), SD.Snapshot.Clone (smo_grp) | SD.Storage.Read (SMO_profile dataset), SD.Snapshot.Read (SMO_profile dataset), SD.Snapshot.Clone (SMO_profile dataset) |
| Backup mount | SD.Storage.Read (smo_grp), SD.Snapshot.Read (smo_grp), SD.Snapshot.Clone (smo_grp) | SD.Storage.Read (SMO_profile dataset), SD.Snapshot.Read (SMO_profile dataset), SD.Snapshot.Clone (SMO_profile dataset) |
| Backup unmount | SD.Snapshot.Clone (smo_grp) | SD.Snapshot.Clone (SMO_profile dataset) |
| Clone create | SD.Storage.Read (smo_grp), SD.Snapshot.Read (smo_grp), SD.SnapShot.Clone (smo_grp) | SD.Storage.Read (SMO_profile dataset), SD.Snapshot.Read (SMO_profile dataset), SD.SnapShot.Clone (SMO_profile dataset) |
| Clone delete | SD.Snapshot.Clone (smo_grp) | SD.Snapshot.Clone (SMO_profile dataset) |
| Clone split | SD.Storage.Read (smo_grp), SD.Snapshot.Read (smo_grp), SD.SnapShot.Clone (smo_grp), SD.Snapshot.Delete (smo_grp), SD.Storage.Write (smo_grp) | SD.Storage.Read (SMO_profile dataset), SD.Snapshot.Read (SMO_profile dataset), SD.SnapShot.Clone (SMO_profile dataset), SD.Snapshot.Delete (SMO_profile dataset), SD.Storage.Write (SMO_profile dataset) |

For details about defining RBAC capabilities, see the OnCommand Unified Manager Operations Manager Administration Guide.

  1. Access the Operations Manager console.

  2. From the Setup menu, select Roles.

  3. Select an existing role or create a new one.

  4. To assign operations to your database storage resources, click Add capabilities.

  5. On the Edit Role Settings page, to save your changes to the role, click Update.
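Before adding capabilities in step 4, it helps to work out the smallest set a role needs for the operations it is meant to run, and to compare that with what the role already holds. The following is an added example, not part of the original NetApp page or any NetApp tool: the function names, the backup-operator role and its grant list are hypothetical, the capability sets are copied from the table on this page (smo_grp resource, data protection not enabled), and it assumes the "SnapShot" and "Snapshot" spellings on this page name the same capability.

```python
# Capabilities per SnapManager operation, copied from the table on this page
# (data protection not enabled, resource smo_grp). Subset of operations only.
REQUIRED = {
    "backup create": {"SD.Storage.Read", "SD.Snapshot.Write",
                      "SD.Snapshot.Read", "SD.Snapshot.Delete"},
    "backup restore": {"SD.Storage.Read", "SD.Snapshot.Write",
                       "SD.Snapshot.Read", "SD.Snapshot.Delete",
                       "SD.SnapShot.Clone", "SD.Snapshot.Restore"},
    "backup delete": {"SD.Snapshot.Delete"},
    "backup verify": {"SD.Storage.Read", "SD.Snapshot.Read",
                      "SD.Snapshot.Clone"},
    "backup mount": {"SD.Storage.Read", "SD.Snapshot.Read",
                     "SD.Snapshot.Clone"},
    "backup unmount": {"SD.Snapshot.Clone"},
    "clone create": {"SD.Storage.Read", "SD.Snapshot.Read",
                     "SD.SnapShot.Clone"},
    "clone split": {"SD.Storage.Read", "SD.Snapshot.Read", "SD.SnapShot.Clone",
                    "SD.Snapshot.Delete", "SD.Storage.Write"},
}

def _norm(cap):
    # Assumption: spelling/case variants on the page are the same capability,
    # so names are compared (and reported) in lower case.
    return cap.strip().lower()

def required_for(operations):
    """Union of capabilities needed for the listed operations."""
    unknown = [op for op in operations if op.lower() not in REQUIRED]
    if unknown:
        raise KeyError(f"operations not in table subset: {unknown}")
    caps = set()
    for op in operations:
        caps |= {_norm(c) for c in REQUIRED[op.lower()]}
    return caps

def audit_role(granted, operations):
    """Return capabilities the role lacks and those it holds without need."""
    need = required_for(operations)
    have = {_norm(c) for c in granted}
    return {"missing": sorted(need - have), "excess": sorted(have - need)}

# Constructed sample: a hypothetical backup-operator role and its grants.
OPERATOR_OPS = ["backup create", "backup verify", "backup mount", "backup unmount"]
GRANTED = ["SD.Storage.Read", "SD.Snapshot.Write", "SD.Snapshot.Read",
           "SD.Snapshot.Delete", "SD.Snapshot.Restore", "SD.Storage.Write"]

if __name__ == "__main__":
    print(audit_role(GRANTED, OPERATOR_OPS))
```

For the sample role, the restore and storage-write capabilities are reported as excess, since none of the listed backup operations need them.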
