1 Reply Latest reply: Aug 19, 2013 12:25 PM by dbkelly RSS

OnTap RBAC for VSC @ Snapmirror Destination

JIM.SURLOW Sprinter
Currently Being Moderated

Looking through the KB, there are a number of RBAC privs that need to be listed.  As I try to work with a customer who is using VSC at their site, am wondering what the minimum perms are needed at the snapmirror destination site.  Outside of the requirement for api-snapmirror-update & login-http, am wondering if all the others are actually required for the backup/recovery user.

 

There are more perms here than I wish to actually turn over, as an example: api-igroup-destroy, api-lun-unmap, api-nfs-exportfs-appen-rules-2 & api-nfs-exportfs-modify-rule-2, api-snapshot-delete, api-snapshot-rename, api-system-cli, api-volume-destroy, api-volume-offline, cli-ifconfig

 

I can see why some of these would be needed at the primary site, but at the destination - only if they also have abilities to spin up the VMs and the destination side ESX hosts are in the same vCenter - not the case in our environment.

 

Goal:  Allow for the customer to use VSC Backup & Recovery at their site without issue (don't want errors to show up because of restrictions at the destination), allow for the customer to execute a snapmirror update.

 

Thoughts?

 

TIA,

 

Jim

More Like This

  • Retrieving data ...

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points