Hi everybody,
I have created a role and user for VSC on ONTAP 9.0 cluster via RBAC user creator. The user has only discovery permissions, because it is not used for backup, restore or cloning operations.
The role has the following capabilities:
security login role show -role vsc_role
Role Command/ Access
Vserver Name Directory Query Level
---------- ------------- --------- ----------------------------------- --------
vmware vsc_role DEFAULT none
lun create readonly
lun geometry readonly
lun igroup create readonly
lun igroup modify readonly
lun igroup show readonly
lun mapping create readonly
lun mapping delete readonly
lun mapping show readonly
lun modify readonly
lun show readonly
network interface readonly
security login role show-user-capability all
set all
snapmirror create all
snapmirror list-destinations readonly
snapmirror show all
version readonly
volume create readonly
volume efficiency modify all
volume efficiency show all
volume efficiency stat all
volume modify readonly
volume qtree create readonly
volume qtree show readonly
volume quota report readonly
volume show readonly
vserver readonly
vserver export-policy create readonly
vserver export-policy delete readonly
vserver export-policy rule create readonly
vserver export-policy rule delete readonly
vserver export-policy rule modify readonly
vserver export-policy rule show readonly
vserver export-policy show readonly
vserver fcp create readonly
vserver fcp delete readonly
vserver fcp initiator show readonly
vserver fcp interface show readonly
vserver fcp modify readonly
vserver fcp show readonly
vserver iscsi create readonly
vserver iscsi delete readonly
vserver iscsi modify readonly
vserver iscsi show readonly
vserver nfs create readonly
vserver nfs delete readonly
vserver nfs modify readonly
vserver nfs show readonly
VSC 6.2.1 reports the status "Insufficient previleges" with error message "One or more required RBAC capabilities not specified for this user".
The VSC logfile logs messages like "API failed. Insufficient privileges: user 'netapp_vsc' does not have write access to this resource (errno=13003) (called from com.netapp.exoforce.server.zapi.ControllerUtilCMode.getDedupeSizeShared(...) on line 629)".
My thought was, that the resource "getDedupeSizeShared" should be in "volume efficiency show" but it seems to be not.
So my question is: Which capability contains the resource "getDedupeSizeShared" and has to be added/modified?
Thanks,
Tino
Tino