How can I create a temporary account for a field engineer to login to perform maintenance work on a cluster
Applies to
- FAS Models
- AFF Models
- Ontap 9
Answer
In some cases, it might make things more streamlined to provide a unique account for a field engineer to work on your cluster, rather than sharing "admin" credentials.
To perform these actions, SSH to the cluster and run the following commands:
1) Create the user named "field_tech"
::> security login create -user-or-group-name field_tech -application console -authentication-method password -role admin
You will be prompted to enter a password
Please enter a password for user 'field_tech':
Please enter it again:
2) Add access to the "service-processor" application
::> security login create -user-or-group-name field_tech -application service-processor -authentication-method password -role admin
3) Verify that the account has been created properly
::> security login show -user-or-group-name field_tech
Vserver: tfmb
Second
User/Group Authentication Acct Authentication
Name Application Method Role Name Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
field_tech console password admin no none
field_tech service-processor
password admin no none
2 entries were displayed.
Once the maintenance work has been completed, you can "lock" the account so that it can't be used
::> security login lock -username field_tech
Future maintenance windows can have the account unlocked with this command
::> security login unlock -username field_tech
and the password can be changed at anytime with this command:
::> security login password -username field_tech
Additional Information