It's been a long time, but I do remember having come across a detailed listing of the various capabilities. I do not remember where I found it, nor can I find a local copy. I do however remember that the cli ablities were pretty much all or nothing. For example cli-volume-*. If someone had the cli-volume capability they could perform any volume function from the command line. The api abilities however were more refined. i.e. api-volume-read, api-volume-write. This gave you the ability to have a finer control over what administrators could do via api interfaces.
If you need something other than the pre-defined roles, then you have to create them, assign the capabilities to them, and assign them to the groups you want to use them.
Wish I could be more helpful than that.
On Mon, Jan 23, 2012 at 7:15 PM, Randy Rue rrue@fhcrc.org wrote:
http://communities.netapp.com/message/5448?tstart=0****
I believe the guests group has no abilities.****
I've created a group (ro_group), mapped it to a role (ro_role) which has the filerview-readonly ability. Also mapped it "upward" to an AD group which contains my RO user.****
The link above describes my situation exactly. Yes, there's a RO role for the filerview but no standard RO role for CLI use and no easily identifiable list of capabilities that might make up such a role. That was as of 2008, however.****
I'll keep looking. Or if I build a list I'll post it here.****
Randy****
*From:* Chris Muellner [mailto:chris@northlandusa.com] *Sent:* Monday, January 23, 2012 2:24 PM *To:* Bill Holland; Randy Rue *Cc:* toasters@teaparty.net *Subject:* RE: read only role?****
There is a guests group. You can also create Windows security groups and assign them to a local group on the controllers.****
http://now.netapp.com/NOW/knowledge/docs/ontap/rel801/html/ontap/sysadmin/GU...
*From:* toasters-bounces@teaparty.net [ mailto:toasters-bounces@teaparty.net toasters-bounces@teaparty.net] *On Behalf Of *Bill Holland *Sent:* Monday, January 23, 2012 4:12 PM *To:* Randy Rue *Cc:* toasters@teaparty.net *Subject:* Re: read only role?****
I believe there is a builtin read only role.****
On Mon, Jan 23, 2012 at 4:54 PM, Randy Rue rrue@fhcrc.org wrote:****
Hello All,****
Looking to add a read-only role for techs in our department who are investigating some things but don't need (or want) to risk breaking stuff.
Is there a "standard" list of capabilities that can be added to a role that will give the ability to see stuff but not break stuff?****
Thanks in advance,****
Randy Rue****
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters****
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters