
RBAC with VSC 6.2.1 and ONTAP 9.0


Hi everybody,

 

I have created a role and user for VSC on an ONTAP 9.0 cluster via the RBAC User Creator. The user has only discovery permissions, because it is not used for backup, restore or cloning operations.

 

The role has the following capabilities:

 

security login role show -role vsc_role
           Role          Command/                                      Access
Vserver    Name          Directory                               Query Level
---------- ------------- --------- ----------------------------------- --------
vmware     vsc_role      DEFAULT                                       none
                         lun create                                    readonly
                         lun geometry                                  readonly
                         lun igroup create                             readonly
                         lun igroup modify                             readonly
                         lun igroup show                               readonly
                         lun mapping create                            readonly
                         lun mapping delete                            readonly
                         lun mapping show                              readonly
                         lun modify                                    readonly
                         lun show                                      readonly
                         network interface                             readonly
                         security login role show-user-capability      all
                         set                                           all
                         snapmirror create                             all
                         snapmirror list-destinations                  readonly
                         snapmirror show                               all
                         version                                       readonly
                         volume create                                 readonly
                         volume efficiency modify                      all
                         volume efficiency show                        all
                         volume efficiency stat                        all
                         volume modify                                 readonly
                         volume qtree create                           readonly
                         volume qtree show                             readonly
                         volume quota report                           readonly
                         volume show                                   readonly
                         vserver                                       readonly
                         vserver export-policy create                  readonly
                         vserver export-policy delete                  readonly
                         vserver export-policy rule create             readonly
                         vserver export-policy rule delete             readonly
                         vserver export-policy rule modify             readonly
                         vserver export-policy rule show               readonly
                         vserver export-policy show                    readonly
                         vserver fcp create                            readonly
                         vserver fcp delete                            readonly
                         vserver fcp initiator show                    readonly
                         vserver fcp interface show                    readonly
                         vserver fcp modify                            readonly
                         vserver fcp show                              readonly
                         vserver iscsi create                          readonly
                         vserver iscsi delete                          readonly
                         vserver iscsi modify                          readonly
                         vserver iscsi show                            readonly
                         vserver nfs create                            readonly
                         vserver nfs delete                            readonly
                         vserver nfs modify                            readonly
                         vserver nfs show                              readonly
 
 
VSC 6.2.1 reports the status "Insufficient previleges" with the error message "One or more required RBAC capabilities not specified for this user".
 
The VSC logfile logs messages like "API failed. Insufficient privileges: user 'netapp_vsc' does not have write access to this resource (errno=13003) (called from  com.netapp.exoforce.server.zapi.ControllerUtilCMode.getDedupeSizeShared(...) on line 629)".
 
My thought was that the resource "getDedupeSizeShared" should be in "volume efficiency show", but it seems not to be.
 
So my question is: Which capability contains the resource "getDedupeSizeShared" and has to be added/modified?
 
Thanks,
Tino
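
Added example, not part of the original post and not NetApp code: a small parser for the "security login role show" table format shown above that resolves the effective access level of a command, so entries below "all" (no write access) can be listed when chasing an errno=13003 message. The function names are hypothetical, the sample rows are constructed from the post's layout with an empty Query column, and the "most specific directory wins, otherwise DEFAULT" rule is an assumption.

```python
import re

# Constructed sample: a few rows in the layout printed by
# "security login role show -role vsc_role" (Query column left empty).
SAMPLE = """\
vmware     vsc_role      DEFAULT                                       none
                         lun show                                      readonly
                         set                                           all
                         volume efficiency modify                      all
                         volume efficiency show                        all
                         volume modify                                 readonly
                         volume show                                   readonly
                         vserver                                       readonly
                         vserver nfs show                              readonly
"""

# First row carries vserver and role name; continuation rows are indented.
ROW = re.compile(r"^(?:\S+\s+\S+\s+|\s+)(\S.*?)\s+(none|readonly|all)\s*$")


def parse_role(text):
    """Return {command directory: access level} from the CLI table."""
    role = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and separator lines do not end in a level, so they are skipped
            role[" ".join(m.group(1).split())] = m.group(2)
    return role


def effective_access(role, command):
    """Assumption: the longest matching command directory wins,
    and the DEFAULT entry applies when nothing else matches."""
    words = command.split()
    for n in range(len(words), 0, -1):
        level = role.get(" ".join(words[:n]))
        if level is not None:
            return level
    return role.get("DEFAULT", "none")


def lacks_write(role, commands):
    """Commands whose effective level is below 'all' (no write access)."""
    return [c for c in commands if effective_access(role, c) != "all"]


if __name__ == "__main__":
    role = parse_role(SAMPLE)
    for cmd in ("volume efficiency show", "volume modify", "vserver nfs modify"):
        print(f"{cmd:28} -> {effective_access(role, cmd)}")
```
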
 
