I’ve created a new C# application that will assist you in creating RBAC usernames for Data ONTAP. It is called the RBAC User Creator for Data ONTAP®. This application can be used to create usernames in both 7-mode and Clustered Data ONTAP environments. It takes care of the small differences between the Data ONTAP versions as well as the variances with the NetApp products using them.
This is actually the second release. The first version was limited to creating Data ONTAP usernames only for VSC. Version 2 supports multiple OFFTAP products. Before I delve too much into what else is new in version 2.0, let me tell you a little about how the application works.
The lists of privileges being created are stored in XML (ontapPrivs.xml). This was done for two primary reasons:
1. You can clearly see the privileges, so there is complete transparency with regard to the new user RBAC User Creator is creating.
2. Additional privileges and products can be added later without the need to recompile the application.
Please make note of the last sentence. Additional products can be added without needing to recompile the application. This is an important aspect of version 2.0. You can think of RBAC User Creator as a framework of sorts. All the products and the privileges for those products are listed in the XML file. Adding support for another product or product version is as simple as adding the information to the XML file. Out of the box, RBAC User Creator has native support for the following products:
- Virtual Storage Console for VMware vSphere
- OnCommand Balance
- Snap Creator Framework
- SnapDrive for Windows
- VASA Provider for VMware vCenter
- Storage Replication Adapter for VMware Site Recovery Manager (*NEW*)
- Virtual Storage Console for Citrix XenServer (*NEW*)
- NetApp Recovery Manager for Citrix Sharefile (*NEW*)
- OnCommand Unified Manager (DFM) 5.1 (*NEW*)
In just a few short clicks you can create ONTAP usernames with all the required privileges needed by VSC.
In order to guide you along, the non-relevant sections are greyed out. Simply enter the root or admin username and IP of the storage system you want to create the user on. Click the LOGIN button, and it will log in and determine the controller type. If the storage system is running Clustered Data ONTAP, the list of Vservers will be displayed. RBAC User Creator supports creating users on the Cluster-Admin Vserver as well as on Data Vservers. Simply select the Vserver from the pull-down list.
NOTE: RBAC User Creator requires root/admin storage credentials for creating new usernames.
Remember, RBAC User Creator handles all the differences between 7-mode and Clustered Data ONTAP. Simply select the VSC version you're using and the roles you want the new user to have. Then, select the product and product version.
RBAC User Creator will merge all the privileges from the selected roles and combine them in a sorted list. Since there is an ONTAP limit on the number of privileges in a role, RBAC User Creator will create iterated role names in the form of <rolename>.X. In the case of Clustered Data ONTAP, it handles both the read-only and all-access privileges.
If you are unsure what privileges the new user will have, you can click on the PREVIEW button to preview the list. It will show you the sorted list of all the privileges to be added.
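The merge, sort and split steps described above, sketched as an added example for reviewing the effective privilege set before a user is created; this is not RBAC User Creator's own code. The XML element and attribute names, the rule that the wider access level wins when roles overlap, the per-role limit of 3 and the suffix starting at 1 are all assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are assumptions for this
# sketch, not the real ontapPrivs.xml schema.
SAMPLE_XML = """
<product name="ExampleProduct" version="1.0">
  <role name="discovery">
    <priv command="volume show" access="readonly"/>
    <priv command="cluster identity show" access="readonly"/>
  </role>
  <role name="provisioning">
    <priv command="volume show" access="all"/>
    <priv command="volume create" access="all"/>
    <priv command="lun create" access="all"/>
  </role>
</product>
"""

ACCESS_RANK = {"readonly": 0, "all": 1}  # wider access wins when roles overlap

def merge_privileges(xml_text, selected_roles):
    """Union the selected roles' privileges into one sorted (command, access) list."""
    merged = {}
    for role in ET.fromstring(xml_text).iter("role"):
        if role.get("name") not in selected_roles:
            continue
        for priv in role.iter("priv"):
            cmd, access = priv.get("command"), priv.get("access")
            if access not in ACCESS_RANK:
                raise ValueError(f"unknown access level {access!r} for {cmd!r}")
            if cmd not in merged or ACCESS_RANK[access] > ACCESS_RANK[merged[cmd]]:
                merged[cmd] = access
    return sorted(merged.items())

def split_into_roles(base_name, privileges, max_per_role):
    """Chunk the sorted list into roles named <base_name>.X (X starts at 1 here)."""
    if max_per_role < 1:
        raise ValueError("max_per_role must be at least 1")
    return {
        f"{base_name}.{i // max_per_role + 1}": privileges[i:i + max_per_role]
        for i in range(0, len(privileges), max_per_role)
    }

if __name__ == "__main__":
    privs = merge_privileges(SAMPLE_XML, {"discovery", "provisioning"})
    # max_per_role=3 is a constructed value, not the actual ONTAP limit.
    for role, chunk in split_into_roles("newuser_role", privs, 3).items():
        print(role, chunk)
```

Note that `volume show` ends up with `all` access once both roles are selected, which is the kind of widening a preview of the merged list makes visible.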
If the storage system is running 7-mode, it will create an EMS log detailing the creation of this new username. Hopefully, I'll be able to add this functionality for Clustered Data ONTAP soon.
After the username is created, simply log in to your application and add the storage system using the new username.
If anything goes wrong, post the ONTAPUserCreator.log file here in this thread.
The following articles (TRs, IAG, and KBs) were used to generate the XML. Please let me know if any are missing.
- SnapDrive for Windows
- VSC for VMware vSphere
- SRA for SRM 4
- SRA for SRM 5
- Added support for VSC 4.2.1 and VSC 5.0 Beta
- Added missing privileges for VSC and OnCommand Balance
- Fixed an error in the XML file for VSC 4.2 Backup-Recovery Role
- Added support for OnCommand Unified Manager 5.1
- Added support for VSC 4.2 for VMware vSphere
- Added support for SRC for VMware SRM
- Added support for Snap Creator Framework 4.0
- Added support for VSC for Citrix XenServer
- Added support for NetApp Recovery Manager for Citrix ShareFile
- Removed clear text passwords in the log file
- Fixed the XML syntax error for VSC 4.1P1
- Other miscellaneous bug fixes
- Added support for VSC 4.1P1
- Fixed an issue where the controller validation would fail if MultiStore was not licensed.
- Changed the application name to RBAC User Creator for Data ONTAP®
- Added support for multiple products. Natively, RBAC User Creator supports VSC, SDW, SRA, Balance, VASA, and Snap Creator. Additional products can be added to the XML.
- Added support for modifying existing DOT username, roles and groups.
- Bug fixes
- Updated InstallShield to auto-generate the correct package name
- Fixed a minor issue where privilege 'cluster identity show' was not being loaded
- Updated ONTAPUserCreator. Added validation checks when clicking the submit button. Any missing fields should now be flagged.
- Initial release