Table of ContentsView in Frames

What users, groups, roles, and capabilities are

You need to understand what users, groups, roles, and capabilities are, so that you can grant different levels of administrative access to users of a storage system.

user:
An account that is authenticated on the storage system. Users can be placed into storage system groups to grant them capabilities on the storage system.
domain user:
A nonlocal user who belongs to a Windows domain and is authenticated by the domain. This type of user can be put into storage system groups, thereby being granted capabilities on the storage system. This only works if CIFS has been set up on the storage system.
group:
A collection of users and domain users that can be granted one or more roles. Groups can be predefined, created, or modified. When CIFS is enabled, groups act as Windows groups.
role:
A set of capabilities that can be assigned to a group. Roles can be predefined, created, or modified.
capability:
The privilege granted to a role to execute commands or take other specified actions. Examples of types of capabilities include the following:
  • Login rights
  • Data ONTAP CLI (command-line interface) rights
  • Data ONTAP API (application programming interface) rights
  • Security rights