Unsolved

1 Rookie

 • 

79 Posts

27

February 27th, 2024 17:27

Read-Only Traverse Rights for Assessment Scan

Hello. Does such a user exist in Isilon, or can we create such a user while having root user access to the Isilon cluster? I mean, we have root access to the cluster. Now, this user needs to have read-only, view-only or traverse rights to each and every share existing in the Isilon cluster. Back in the day we used to have one for EMC NAS Celerras or NSxx Series. We need such a user for doing an assessment, and this specific EMC tool needs such a user. Please advise.

Moderator

 • 

6.9K Posts

February 28th, 2024 15:28

1 Rookie

 • 

47 Posts

February 29th, 2024 16:12

You can set read-only permissions for cluster management (isi command) roles via RBAC, but I have yet to find a way to set the user to have only read rights on the directories on the cluster. So you can have a role with read-only RBAC permissions, but it could still use rm -rf... It would be a great feature. I think something could be done with the restricted shell in 9.5, but I have yet to experiment with it.

1 Rookie

 • 

79 Posts

February 29th, 2024 19:36

@storageSysAdmin Thanks for this tip. Do you have that command handy, please? We just need to run a scan by the EMC tool on all the folders/shares etc. Thanx

1 Rookie

 • 

47 Posts

March 12th, 2024 11:16

Hi @Bhuppi1 

The configuration is more for OneFS management: Membership and Roles > System > Roles > Audit Admin. It may give you what you want, but this is more for read access to OneFS configuration. I have not experimented with the limited restricted shell in 9.5.

You could always set up an NFS export in the parent zone folder and mount a client as read-only - but this would be NFS, not SMB.

1 Rookie

 • 

79 Posts

March 13th, 2024 18:00

@storageSysAdmin Thanks SysAdmin. Yes, that'll give us read-only access at the cluster configuration level; however, we would like to have that read-only access across the entire SMB canvas, like read-only scan rights to each and every folder/share/zone that ever existed there. Something like /ifs$ access, and then whatever is under it is traversable. Thanx.

1 Rookie

 • 

47 Posts

March 14th, 2024 17:51

/ifs/accesszoneroot$ would indeed give you access to everything in theory, and you could set read-only at the share level, but you could still run into issues. The only options are potentially utilising a higher-privilege account (hate to say it... but a domain admin/local administrator) and setting that account as the sole user who has share-level access.
