Table of ContentsView in Frames

Predefined roles

Data ONTAP provides predefined roles that you can assign to groups and enable users in the groups to perform different levels of administrative tasks.

The following table describes the roles that are predefined by Data ONTAP.

This role... Includes the following default capabilities... That grant users of a group...
root * All possible capabilities.
admin cli-*, api-*, login-*, security-* All CLI, API, login, and security capabilities.
power cli-cifs*, cli-exportfs*, cli-nfs*, cli-useradmin*, api-cifs-*, api-nfs-*, login-telnet, login-http-admin, login-rsh, login-ssh,api-system-api-* The capabilities to performing the following tasks:
  • Invoke all cifs, exportfs, nfs, and useradmin CLI commands
  • Make all cifs and nfs API calls
  • Log in using Telnet, HTTP, RSH, and SSH sessions
backup login-ndmp The capabilities to make NDMP requests.
compliance cli-cifs*, cli-exportfs*, cli-nfs*, cli-useradmin*, api-cifs-*, api-nfs-*, login-telnet, login-http-admin, login-rsh, login-ssh, api-system-api-*, cli-snaplock*, api-snaplock-*, api-file-*, compliance-* Compliance-related capabilities in addition to all the capabilities granted by the power role.
Note: The compliance role is the default role for the Compliance Administrators group. The compliance role cannot be removed from the Compliance Administrators group or added to other groups.
audit api-snmp-get, api-snmp-get-next The capabilities to make snmp-get and snmp-get-next API calls.
none None No administrative capabilities.