エフサステクノロジーズ株式会社

本ページの製品は2024年4月1日より、エフサステクノロジーズ株式会社に統合となり、順次、切り替えを実施してまいります。一部、富士通表記が混在することがありますので、ご了承ください。

SnapCenter Software 5 マニュアル ( CA08871-403 )

to English version

最小権限でのONTAPクラスタ ロールの作成

最小権限でONTAPクラスタ ロールを作成し、ONTAP adminロールを使用しなくてもSnapCenterで処理を実行できるようにする必要があります。いくつかのONTAP CLIコマンドを実行して、ONTAPクラスタ ロールを作成し、最小権限を割り当てることができます。

手順

  1. ストレージ システムで、ロールを作成してすべての権限を割り当てます。

    security login role create –vserver <cluster_name\>- role <role_name\> -cmddirname <permission\>

    このコマンドは、権限ごとに実行する必要があります。
  2. ユーザーを作成してロールを割り当てます。

    security login create -user <user_name\> -vserver <cluster_name\> -application ontapi -authmethod password -role <role_name\>

  3. ユーザーのロックを解除します。

    security login unlock -user <user_name\> -vserver <cluster_name\>

クラスタ ロールの作成と権限の割り当てのためのONTAP CLIコマンド

クラスタ ロールを作成して権限を割り当てるために実行する必要のあるONTAP CLIコマンドがあります。

  • security login role create -vserver Cluster_name or cluster_name -role Role_Name -cmddirname "metrocluster show" -access readonly

  • security login role create -vserver Cluster_name or cluster_name -role Role_Name -cmddirname "cluster identity modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "cluster identity show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "cluster modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "cluster peer show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "cluster show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "event generate-autosupport-log" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "job history show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "job stop" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun igroup add" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun igroup create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun igroup delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun igroup modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun igroup rename" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun igroup show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun mapping add-reporting-nodes" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun mapping create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun mapping delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun mapping remove-reporting-nodes" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun mapping show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun move-in-volume" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun offline" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun online" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun persistent-reservation clear" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun resize" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun serial" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "lun show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "network interface create" -access readonly

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "network interface delete" -access readonly

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "network interface modify" -access readonly

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "network interface show" -access readonly

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "security login" -access readonly

  • security login role create -role Role_Name -cmddirname "snapmirror create" -vserver Cluster_name -access all

  • security login role create -role Role_Name -cmddirname "snapmirror list-destinations" -vserver Cluster_name -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror policy add-rule" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror policy create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror policy delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror policy modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror policy modify-rule" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror policy remove-rule" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror policy show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror restore" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror show-history" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror update" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "snapmirror update-ls-set" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "system license add" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "system license clean-up" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "system license delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "system license show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "system license status show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "system node modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "system node show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "system status show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "version" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume clone create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume clone show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume clone split start" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume clone split stop" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume destroy" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume file clone create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume file show-disk-usage" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume offline" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume online" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume qtree create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume qtree delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume qtree modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume qtree show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume restrict" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume snapshot create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume snapshot delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume snapshot modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume snapshot promote" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume snapshot rename" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume snapshot restore" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume snapshot restore-file" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume snapshot show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "volume unmount" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver cifs create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver cifs delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver cifs modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver cifs share modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver cifs share create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver cifs share delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver cifs share modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver cifs share show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver cifs show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver export-policy create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver export-policy delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver export-policy rule create" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver export-policy rule delete" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver export-policy rule modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver export-policy rule show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver export-policy show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver iscsi connection show" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver modify" -access all

  • security login role create -vserver Cluster_name -role Role_Name -cmddirname "vserver show" -access all

Top of Page