I need to give two AD groups for Isilon Access.
AdminGroup - Log in to Web Console and manage (same as root)
Backupgroup - Only SyncIQ access, and share other area read-only
monitorgroup - Read-only
How do I set this up?
First, it’s important to understand that in OneFS 7.0 and then 7.1 not all features are PAPI-enabled, meaning you can get most features of root, but not all of them yet. With each 7.x release more is being added. But for most day-to-day administration tasks you’ll probably be just fine today on the latest 7.0.2 or 7.1 code.
Also, all RBAC configuration at this time is done through the CLI.
There are 2 concepts at play here:
Roles and Privileges.
A role is a collection of privileges.
A role has members.
Those members can be local users, or they can be users or groups from AD.
Privileges give access to things on the system, and can be either read-only or R/W when added to a role.
Some examples are:
login via ssh
login to the webui
change NFS settings
change Quota Settings
There are some built in roles (or you can create your own):
#To view the roles on your cluster:
isi02-3# isi auth role list
You have simplified it... Thanks.
I want to create a role which can only create, modify and delete quotas of a particular SMB share only. Please guide.
You can create a new custom role:
# isi auth roles create QuotaAdmin
Then you can give this role access to the quota system:
# isi auth roles modify QuotaAdmin --add-priv ISI_PRIV_QUOTA
This provides access to all features of SmartQuotas.
You can see the available options for further modifying roles here:
# isi auth privileges --verbose
# isi auth roles modify --help
Sorry for digging this old one out:
Does this actually work for AD users or groups? I was experimenting and could only make this work for local users.
Isilon is joined to an AD in the System Zone.