Data Domain: How to change the DDBoost user role to Admin or None
Summary: Unable to change the role of the DDBoost user role (Admin or none)
Symptoms
We must first unassign the "DDBoost" user from the SU, and then only we can make the role changes to the "DDBoost" user.
Changing the role of the DDboost user gives below error:
Data Domain : **** The DD System user role cannot be changed because this DDboost user owns one or more storage-units.
Cause
The ddboost user role cannot be modified while the user is a ddboost user.
Consider if you need this user to have an admin role. Some backup applications need this role so that it can have the correct role to mount an NFS datastore on to the Data Domain or it can cause the instant access Restore failures. Some backup applications need this role for snapshot expiry.
Or if for security reasons, the user must have a lower role (such as none).
Resolution
Perform the below steps:
-
Check the current SU configuration and the user assigned to the SU.
# ddboost storage-unit show Name Pre-Comp (GiB) Status User Report Physical Size (MiB) ------------- -------------- ------ ------- --------------- Avamar01 8550.7 RW MyDDBoost - ------------- -------------- ------ ------- --------------- D : Deleted Q : Quota Defined RO : Read Only RW : Read Write RD : Replication Destination
-
Assign a temporary other ddboost user to the storage-unit.
NOTE: That beginning in DDOS version 6.2 and higher, the below modify command does a recursive chown (change owner) of the files and directories within the storage-unit. See KB 000078758 for details on potential command timeout if there are many files in the storage-unit.Example:
#ddboost storage-unit modify Avamar01 user sysadmin
-
Check the SU config now, the user assigned to the SU should be changed to sysadmin from MyDDBoost.
#ddboost storage-unit show Name Pre-Comp (GiB) Status User Report Physical Size (MiB) ------------- -------------- ------ ---- --------------- Avamar01 8550.7 RW sysadmin - ------------- -------------- ------ ---- --------------- D : Deleted Q : Quota Defined RO : Read Only RW : Read Write RD : Replication Destination
-
Unassign the MyDDBoost user from being a ddboost user.
Example:
#ddboost user unassign MyDDBoost
-
Change the role of ddboost user.
# user change role MyDDBoost {admin | limited-admin | user | backup-operator | none}Role changed for user "DDBoost"
-
As the MyDDboost has the new role now, assign the MyDDboost user as a ddboost user.
Example:
# ddboost user assign MyDDBoost
User "MyDDBoost" assigned to DD Boost
-
Assign the "MyDDBoost" user to the storage-unit.
NOTE: That beginning in DDOS version 6.2 and higher, the below modify command does a recursive chown (change owner) of the files and directories within the storage-unit. See KB 000078758 for details on potential command timeout if there are many files in the storage-unit.Example:
# ddboost storage-unit modify Avamar01 user MyDDBoost
Storage-unit "Avamar01" modified for user "MyDDBoost"
# ddboost storage-unit show Name Pre-Comp (GiB) Status User Report Physical Size (MiB) ------------- -------------- ------ ------- --------------- Avamar01 8550.7 RW MyDDBoost - ------------- -------------- ------ ------- --------------- D : Deleted Q : Quota Defined RO : Read Only RW : Read Write RD : Replication Destination
-
Checked the role assigned to the "DDBoost" user now, it should match the wanted role.
Example:
# user show list User list from node "localhost". Name Uid Role Last Login From Last Login Time Status Disable Date --------- --- -------- --------------- ------------------------ ------- ------------ sysadmin 100 admin 10.159.xxx.xxx Wed Jan 30 04:28:45 2019 enabled never MyDDBoost 500 admin 10.159.xxx.xxx Sat Nov 10 21:31:17 2018 enabled never --------- --- -------- --------------- ------------------------ ------- ------------
Example shows the MyDDBoost has an admin role.