RBAC with VSC 6.2.1 and ONTAP 9.0

Hi everybody,

I have created a role and user for VSC on ONTAP 9.0 cluster via RBAC user creator. The user has only discovery permissions, because it is not used for backup, restore or cloning operations.

The role has the following capabilities:

security login role show -role vsc_role

Role Command/ Access

Vserver Name Directory Query Level

---------- ------------- --------- ----------------------------------- --------

vmware vsc_role DEFAULT none

lun create readonly

lun geometry readonly

lun igroup create readonly

lun igroup modify readonly

lun igroup show readonly

lun mapping create readonly

lun mapping delete readonly

lun mapping show readonly

lun modify readonly

lun show readonly

network interface readonly

security login role show-user-capability all

set all

snapmirror create all

snapmirror list-destinations readonly

snapmirror show all

version readonly

volume create readonly

volume efficiency modify all

volume efficiency show all

volume efficiency stat all

volume modify readonly

volume qtree create readonly

volume qtree show readonly

volume quota report readonly

volume show readonly

vserver readonly

vserver export-policy create readonly

vserver export-policy delete readonly

vserver export-policy rule create readonly

vserver export-policy rule delete readonly

vserver export-policy rule modify readonly

vserver export-policy rule show readonly

vserver export-policy show readonly

vserver fcp create readonly

vserver fcp delete readonly

vserver fcp initiator show readonly

vserver fcp interface show readonly

vserver fcp modify readonly

vserver fcp show readonly

vserver iscsi create readonly

vserver iscsi delete readonly

vserver iscsi modify readonly

vserver iscsi show readonly

vserver nfs create readonly

vserver nfs delete readonly

vserver nfs modify readonly

vserver nfs show readonly

VSC 6.2.1 reports the status "Insufficient previleges" with error message "One or more required RBAC capabilities not specified for this user".

The VSC logfile logs messages like "API failed. Insufficient privileges: user 'netapp_vsc' does not have write access to this resource (errno=13003) (called from com.netapp.exoforce.server.zapi.ControllerUtilCMode.getDedupeSizeShared(...) on line 629)".

My thought was, that the resource "getDedupeSizeShared" should be in "volume efficiency show" but it seems to be not.

So my question is: Which capability contains the resource "getDedupeSizeShared" and has to be added/modified?

Thanks,
Tino

RBAC with VSC 6.2.1 and ONTAP 9.0

Trending Articles

Airline boss fails to find sureties

自動マウントを無効に設定したシステムにて Windows Server バックアップが失敗する場合の対応について

Killer Peter Stark granted pass to leave prison

High police presence reported in Broadfield including helicopter

Mahanoy Area board sets new graduation date

Scunthorpe teen jailed for raping woman as she slept & taking...

Issues installing KB2533623 on Windows Server 2008 R2 SP1 64-Bit

The Crack Era In Philadelphia Revisited: Philly Junior Black Mafia Timeline...

KMS ホストキーの選び方

NIKZAD MIRIAM AUBREY MIMI 6/...

SharePoint Online の HTTP 調整 (応答コード 429) に関して

Black Angus Grilled Artichokes

How to delete a request from a database table in a debug mode

AOMEI Backupper is in progress, please wait

[SG News]Lady Who Shot Sexy Photos Of Herself At HDB Flats Is Exposed As Natalie

1981-Depeche Mode - Speak & Spell multichannel WAV RE UP

Cecil Smith Has Taken His Life, After Being the Subject of Conspiracy...

Practice Sheet of Right form of verbs for HSC Students

CYD A B MITCHELL ANDREWS Arrested by Clackamas County Sheriff's Office on Jan...

[GET] James Smith – Starter Kit Bundle ($199.00)