I am looking for some direction here. I am trying to develop a procedural document for performing emergency shutdowns of our filers in our various data centers. I would like to create a user account that only has the capability to perform the following:
I am being told that to perform these functions the user must be a full admin, but this will not work in my environment. Is it possible to automate this procedure? I have both 7-mode and cluster mode filers to deal with.
Any assistance would be greatly appreciated,
You can restrict user to specific commands only, but you cannot restrict user to command arguments. I.e. you can allow “cf” but not only “cf disable”.
If granting full command is too much, the only possibility is to use Data ONTAP API and create some scripts (e.g. using PowerShell or any other available language). API can be restricted based on subcommands as well.
RBAC is described in TR-3358 (there could be updates, did not check). Data ONTAP API is documented here: http://support.netapp.com/documentation/productlibrary/index.html?productID=60427. And PowerShell bindings are available on community site: https://communities.netapp.com/community/products_and_solutions/microsoft/powershell/data_ontap_powershell_toolkit_downloads