Skip to main content
NetApp Knowledge Base

What are the required capabilities for SnapDrive in ONTAP 7-Mode?

  1. Last updated
  2. Save as PDF
Views:
208
Visibility:
Public
Votes:
0
Category:
snapdrive-for-windows
Specialty:
snapx
Last Updated:

Applies to

  • SnapDrive for Windows (SDW)
  • SnapDrive for Unix (SDU)
  • Data ONTAP 7.x and earlier
  • Data ONTAP 8.0 to 8.2.x 7-MODE

Answer

In certain environments, it is not deemed acceptable to add the SnapDrive service account to the local administrators group on the storage controllers.

Complete the following steps to create a storage controller group with the appropriate capabilities for a SnapDrive service account:

  1. Create a new role (such as 'sdrole') with the appropriate capabilities on the storage controller:
    useradmin role add sdrole -a login-http-admin,api-lun-*,api-snapshot-*,api-iscsi-*,api-volume-*,api-snapmirror-*,
    api-snapvault-*,api-ems-*,api-igroup-*,api-qtree-*,api-fcp-adapter-*,api-license-*,api-system-*,api-aggr-*,api-file-*

  2. Create a new local storage controller group (such as 'sdadmin'): useradmin group add sdadmin
  3. Assign the new role to the newly created group: useradmin group modify sdadmin -r sdrole

  4. With SDW with RPC usage:

    • create the SnapDrive Service Account (such as 'snapdrive') in an Active Directory Domain.

    • then add the 'snapdrive' AD user to the 'sdadmin' group: useradmin domainuser add <DOMAIN>\snapdrive -g sdadmin

    • add the 'snapdrive' user to the Windows host local Administrators group (Note: the SDU daemon runs with root already).

    • install or modify SnapDrive to use the 'snapdrive' service account with its services.

  5. With SDU or SDW with http(s) usage:

    • add the local 'snapdrive' user to ONTAP: useradmin user add snapdrive -g sdadmin

  6. Test SnapDrive (example, create/delete snapshot, connect and disconnect snapshot, create/delete a LUN, resize a LUN).

If there are other NetApp applications running on the server (such as SnapManager for Exchange/SQL), test those applications as well.

Additional Information

For Data ONTAP 8 C-Mode and ONTAP 9 see "How to limit the privileges for SnapDrive with a role for an SVM account"

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.
Scan to view the article on your device