"Heino" == Heino Walther hw@beardmann.dk writes:
Heino> Well yes and no, I tried the same technique… I even tried just Heino> to create my own role with “DEFAULT / ALL” defined just like Heino> the admin role… but once I assigned this to a user he was no Heino> longer able to login to the web GUI…
Heino> BTW. The link you send it for OCUM and as far as I know that Heino> uses the API to talk to the cluster… 😊
As I recall, but I haven't looked into this recently for newer versions, the roles in cDOT are either crazy limited, or crazy wide open. You can't create a role to do anything such as create a new volume in an aggregate, that you also give them *delete* privs as well.
So I think now the goal is to use the API and Ansible to create more locked down setups for end users, which you then secure to your liking.
Especially so since the Work Flow Automation tool is going away too.
John