Skip to main content

Administrator Authentication and RBAC Power Guide

This document is available in PDF format:

Administrator Authentication and RBAC Power Guide PDF

  • Deciding whether to use the Administrator Authentication and RBAC Power Guide
    This guide describes how to enable login accounts for ONTAP cluster administrators and storage virtual machine (SVM) administrators, and how to use role-based access control (RBAC) to define the capabilities of administrators.
  • Administrator authentication and RBAC workflow
    You can enable authentication for local administrator accounts or remote administrator accounts. The account information for a local account resides on the storage system and the account information for a remote account resides elsewhere. Each account can have a predefined role or a custom role.
  • Worksheets for administrator authentication and RBAC configuration
    Before creating login accounts and setting up role-based access control (RBAC), you should gather information for each item in the configuration worksheets.
  • Creating login accounts
    You can enable local or remote cluster and SVM administrator accounts. A local account is one in which the account information, public key, or security certificate resides on the storage system. AD account information is stored on a domain controller. LDAP and NIS accounts reside on LDAP and NIS servers.
  • Managing access-control roles
    The role assigned to an administrator determines the commands to which the administrator has access. You assign the role when you create the account for the administrator. You can assign a different role or define custom roles as needed.
  • Managing administrator accounts
    Depending on how you have enabled account access, you may need to associate a public key with a local account, install a CA-signed server digital certificate, or configure AD, LDAP, or NIS access. You can perform all of these tasks before or after enabling account access.
  • Where to find additional information
    After you have enabled login accounts for ONTAP cluster and SVM administrators, you can perform more advanced tasks.
  • Contacting Support
    You can contact Support to obtain help for your issue.
  • Notices
    Lenovo may not offer the products, services, or features discussed in this document in all countries. Consult your local Lenovo representative for information on the products and services currently available in your area.