ONTAP 9 Manuals ( CA08871-402 )

Create login accounts overview

You can enable local or remote cluster and SVM administrator accounts. A local account is one in which the account information, public key, or security certificate resides on the storage system. AD account information is stored on a domain controller. LDAP and NIS accounts reside on LDAP and NIS servers.

Cluster and SVM administrators

A cluster administrator accesses the admin SVM for the cluster. The admin SVM and a cluster administrator with the reserved name admin are automatically created when the cluster is set up.

A cluster administrator with the default admin role can administer the entire cluster and its resources. The cluster administrator can create additional cluster administrators with different roles as needed.

An SVM administrator accesses a data SVM. The cluster administrator creates data SVMs and SVM administrators as needed.

SVM administrators are assigned the vsadmin role by default. The cluster administrator can assign different roles to SVM administrators as needed.

Naming conventions

The following generic names cannot be used for remote cluster and SVM administrator accounts:

  • "adm"

  • "bin"

  • "cli"

  • "daemon"

  • "ftp"

  • "games"

  • "halt"

  • "lp"

  • "mail"

  • "man"

  • "naroot"

  • "fujitsu"

  • "netapp"

  • "news"

  • "nobody"

  • "operator"

  • "root"

  • "shutdown"

  • "sshd"

  • "sync"

  • "sys"

  • "uucp"

  • "www"

Merged roles

If you enable multiple remote accounts for the same user, the user is assigned the union of all roles specified for the accounts. That is, if an LDAP or NIS account is assigned the vsadmin role, and the AD group account for the same user is assigned the vsadmin-volume role, the AD user logs in with the more inclusive vsadmin capabilities. The roles are said to be merged.

Top of Page