ONTAP 9 Manuals ( CA08871-402 )

Reasons for creating local users and local groups

There are several reasons for creating local users and local groups on your storage virtual machine (SVM). For example, you can access an SMB server by using a local user account if the domain controllers (DCs) are unavailable, you might want to use local groups to assign privileges, or your SMB server is in a workgroup.

You can create one or more local user accounts for the following reasons:

  • Your SMB server is in a workgroup, and domain users are not available.

    Local users are required in workgroup configurations.

  • You want the ability to authenticate and log in to the SMB server if the domain controllers are unavailable.

    Local users can authenticate with the SMB server by using NTLM authentication when the domain controller is down, or when network problems prevent your SMB server from contacting the domain controller.

  • You want to assign User Rights Management privileges to a local user.

    User Rights Management is the ability for an SMB server administrator to control what rights the users and groups have on the SVM. You can assign privileges to a user by assigning the privileges to the user’s account, or by making the user a member of a local group that has those privileges.

You can create one or more local groups for the following reasons:

  • Your SMB server is in a workgroup, and domain groups are not available.

    Local groups are not required in workgroup configurations, but they can be useful for managing access privileges for local workgroup users.

  • You want to control access to file and folder resources by using local groups for share and file-access control.

  • You want to create local groups with customized User Rights Management privileges.

    Some built-in user groups have predefined privileges. To assign a customized set of privileges, you can create a local group and assign the necessary privileges to that group. You can then add local users, domain users, and domain groups to the local group.

Top of Page