In addition to using the default system administration account ("root") for managing a storage system, you can create additional administrator user accounts to manage administrative access to the storage system.
The following are the reasons for creating administrator accounts:
- You can specify administrators and groups of administrators to have differing degrees of administrative access to your storage systems.
- You can limit an administrator’s access to specific storage systems by giving him or her an administrative account on only those systems.
- Having different administrative users enables you to display information about who is performing which commands on the storage system.
The audit-log file keeps a record of all administrator operations performed on the storage system and the administrator who performed it, as well as any operations that failed due to insufficient capabilities.
- You assign each administrator to one or more groups whose assigned roles (sets of capabilities) determine what operations that administrator is authorized to carry out on the storage system.
- If a storage system running CIFS is a member of a domain or a Windows workgroup, domain user accounts authenticated on the Windows domain can access the storage system using Telnet, RSH, SSH,
Data ONTAP APIs, and Windows Remote Procedure Calls (RPCs).
For more information about authenticating users using Windows domains, see the section on user accounts in the CIFS chapter of the
Data ONTAP File Access and Protocols Management Guide for 7-Mode.