NetApp Knowledge Base

ONTAP Tools for VMware vSphere: RBAC Configuration


Applies to

  • ONTAP Tools for VMware vSphere (OTV) 9.13 and earlier
  • Virtual Storage Console (VSC)
  • Storage Replication Adapter (SRA)
  • VASA Provider (VP)

Answer

This KB covers:

  • OTV RBAC to vCenter 
  • OTV RBAC to ONTAP

To control what access users have to both vCenter and ONTAP, ONTAP Tools for VMware vSphere (OTV) uses Role-Based Access Control (RBAC).

VMware vCenter Server RBAC:

There are two types of vSphere accounts that can be leveraged by OTV:

  1. Service account
  2. User account

Service Account

OTV uses the service account to issue API calls to vCenter.  This account needs to:

  • be assigned to the vCenter administrator (or admin) role

User Account

It is the user account that determines what actions a user can perform in OTV. 

  • When OTV is installed, new privileges and roles are added to vCenter
  • For example, after OTV is installed, a user can be assigned to the VSC Provision role, which allows them to provision new datastores
  • Alternatively, you can configure custom roles and add only the OTV privileges you need

ONTAP RBAC

OTV can access ONTAP:

  • Using SVM scope
  • Using Cluster scope

Note: If you are planning to use VASA Provider, then you must use cluster scoped storage. 

Note: If using SVM scoped storage, you must configure a new user and role at the SVM level. The default vsadmin user does not have all of the privileges needed by SRA.

For details on how to create a local ONTAP user and role to be used by OTV, please see "How to configure role-based access control for ONTAP Tools".

Additional Information

Please also be aware of "Unable to discover SVM or cluster on OTV 9.12".

 
