We recently installed Ops Manager 4.0.2 (Data Fabric Manager) on Linux RH and NMC 3.0.2 on my desktop.
I can log in to Ops Manager using root credentials for the Linux server where it is installed. As it stands now, anyone (Unix SAs) knowing the root password can log in to Ops Manager. We want to restrict this access only to members of our team (Storage Admins). We might also want to grant View Only access or certain roles for different users as the need may arise.
I went through the manuals and they contain information regarding how to set the access per filer (Storage System), but I couldn't locate anything specific for access to Ops Manager itself.
Can anyone please share some insight into how to control the access to Ops Manager?
1. You will not be able to disallow the Unix SAs from accessing OM. Since they know the root password they will be able to log in and do anything.
2. You can create a read-only user by assigning the GlobalRead role to him:
dfm user role add <username> GlobalRead
Will the storage admins be added to DFM individually or are they members of a group that will be added to DFM?
We will be adding ourselves as part of a single group instead of individual members. When I use the command dfm user to add our group for administration (or some other group to allow view only), where are those users created/saved - on the filers or DFM server?
I'd tried adding our group (it exists in Active Directory); it gave an error saying "<user> does not exist in the administrator database(s), so login is disabled for this administrator." Which administrator database is it referring to?
To add a group you will have to configure DFM to authenticate with the AD using LDAP. This discussion - http://communities.netapp.com/message/27686#27686 - explains the steps required to do that (see the reply by richardsopp).