RBAC User Creator for Data ONTAP® – User Guide€¦ · Web viewIf the storage system is running...

RBAC User Creator for Data ONTAP® – User Guide

After RBAC User Creator is installed, start by running the application as Administrator. This is needed to get around UAC on Windows. Although, the application will run without, there will be no logging unless its is Run as administrator

Make sure to select ‘Run as administrator’

This is the main panel of the RBAC User Creator. First, enter the IP address of the storage system you want to create a user on. Enter the root/admin credentials. No other credentials will be accepted, then click LOGIN

Once RBAC User Creator has successfully logged in, the status will be displayed at the botton. The other fields will be enabled once RBAC User Creator has succcessfully authenticated with the storage system.

Also note the DOT version is listed for convenience. If the storage system is running Cluster Data ONTAP, the words “Cluster-mode” will be listed after the version string.

Enter a group name, role name, and user for RBAC User Creator to create. New in version 2, you can select either a new unused group name, role name, user name, or an existing one. Pull-down menu provide the list to chose from.

Next, select the product you want to create the RBAC user for. RBAC User Creator natively supports VSC, Balance, Snap Creator, SDW, SRA, and VASA. Support for additional product can easier be added by editing the ontapPrivs.xml XML file.

Select the product version

Select the Data ONTAP privilege roles you want this new user to have. RBAC User Creator handles all the role dependencies automatically. You can hover-over each for the roles for a description of their use.

Next, Click the PREVIEW button to display the list of privileges the new user will have

.

From here, you can select NO to end the PREVIEW and go back to the main panel, or YES to continue and create the username.

As RBAC User Creator iterates through each of the privileges, it keeps you informed of its status at the bottom of the panel.

Success! RBAC User Creator created user [vsc41_user] on 10.228.65.114.

On the storage system, you can verify what was created. This is the output from the console. Note: Console messaging may not be enabled on all 7-mode version of Data ONTAP.

EMS Log messages record what was created (7-mode only).

For Clustered Data ONTAP systems, the main window of RBAC User Creator changes slightly. You’ll notice the group name textbox is gone. And there is a Vserver pull-down list. RBAC User Creator allows you to create both Cluster-admin users as well has direct Vserver users that are valid only on the selected Vserver.

Simply select the Vserver you want to create the username one. In most cases, selecting the Cluster-admin Vserver will be the recommended choice.

And finally, once RBAC User Creator completes, add the storage system in VSC using the newly created ONTAP username