Stephen, The audit role is ill-conceived since the capability login-http-admin gives full access to the filer via filerview. This is fixed in bug 167183, but it's not available to customers at this time.

In ONTAP 7.0 and 7.1, roles are limited primarily to the command line. There's a workaround for the apis (if you use the SDK, I can help there), but nothing is available for FV.

Given the limitations, instead of looking for read-only access, I'd recommend you decide which cli commands to give to which administrator. You can do this by creating your own role for a list of commands. The following will allow a user to run any cifs commands via telnet or rsh. No Filerview, and no permissions to halt the filer or change volumes:

useradmin role add RoleCifs -a login-telnet,login-rsh,cli-help*,cli-cifs* useradmin group add GroupCifs -r RoleCifs useradmin user add UserCifs -g GroupCifs

Good luck, -Joshua

-----Original Message----- From: Holland, William L [mailto:HollandWL@state.gov] Sent: Thursday, June 22, 2006 2:21 AM To: Darragh, Stephen J (CSC) (US SSA); toasters@mathworks.com Subject: RE: Read Only access to filer

Not for Filerview - always full admin rights if you are allowed to use Filerview.

-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Darragh, Stephen J (CSC) (US SSA) Sent: Wednesday, June 21, 2006 2:52 PM To: toasters@mathworks.com Subject: Read Only access to filer

Is there a way to create a account on the filer that has read-only access?

I tried useradmin user add myuser and added him to audit group. I could still change things like quotas from filerview, but could not login via cli

Thanks Stephen