RE: read only role?

As FilerView is being phased out - is read-only possible with System Manager? ________________________________________ From: toasters-bounces@teaparty.net [toasters-bounces@teaparty.net] On Behalf Of Ehrhart, Rick [Rick.Ehrhart@netapp.com] Sent: Tuesday, January 24, 2012 04:40 To: Randy Rue; toasters@teaparty.net Subject: RE: read only role?

Randy –

The situation is a follows.

ONTAP capabilities are at the command level or the API level, and not the subcommands. Subcommand support would be needed for a read-only CLI role. However APIs are divided out by verb and object, so a read-only API role is obtainable and is implemented with filerview-readonly.

For example there is a volume-create API and a volume-list-info API. The read-only role would allow volume-list-info and not volume-create; however, ‘volume create’ and ‘volume status’ are the same command, so it is not possible to create a read-only CLI role.

Regards,

- Rick -

From: Randy Rue [mailto:rrue@fhcrc.org] Sent: Monday, January 23, 2012 16:15 To: toasters@teaparty.net Subject: RE: read only role?

http://communities.netapp.com/message/5448?tstart=0

I believe the guests group has no abilities.

I've created a group (ro_group), mapped it to a role (ro_role) which has the filerview-readonly ability. Also mapped it "upward" to an AD group which contains my RO user.

The link above describes my situation exactly. Yes, there's a RO role for the filerview but no standard RO role for CLI use and no easily identifiable list of capabilities that might make up such a role. That was as of 2008, however.

I'll keep looking. Or if I build a list I'll post it here.

Randy

From: Chris Muellner [mailto:chris@northlandusa.com] Sent: Monday, January 23, 2012 2:24 PM To: Bill Holland; Randy Rue Cc: toasters@teaparty.net Subject: RE: read only role?

There is a guests group. You can also create Windows security groups and assign them to a local group on the controllers.

http://now.netapp.com/NOW/knowledge/docs/ontap/rel801/html/ontap/sysadmin/GU...

From: toasters-bounces@teaparty.netmailto:toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Bill Holland Sent: Monday, January 23, 2012 4:12 PM To: Randy Rue Cc: toasters@teaparty.netmailto:toasters@teaparty.net Subject: Re: read only role?

I believe there is a builtin read only role. On Mon, Jan 23, 2012 at 4:54 PM, Randy Rue <rrue@fhcrc.orgmailto:rrue@fhcrc.org> wrote: Hello All,

Looking to add a read-only role for techs in our department who are investigating some things but don't need (or want) to risk breaking stuff.

Is there a "standard" list of capabilities that can be added to a role that will give the ability to see stuff but not break stuff?

Thanks in advance,

Randy Rue

_______________________________________________ Toasters mailing list Toasters@teaparty.netmailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters