Managing access to the cluster (cluster administrators only)
You can control access to the cluster and enhance security by managing user accounts, access-control roles and their password rules, public keys, digital certificates, web services, and audit settings.
Managing user accounts
You can create, modify, lock, unlock, or delete a cluster or Storage Virtual Machine (SVM) user account, reset a user's password, or display information for all user accounts.
Managing access-control roles
Role-based access control (RBAC) limits users' administrative access to the level granted for their role, enabling you to manage users by the role they are assigned to. Data ONTAP provides several predefined roles. You can also create additional access-control roles, modify them, delete them, or specify account restrictions for users of a role.
Managing SSH security configurations
Managing SSH security configurations involves managing the SSH key exchange algorithms and data encryption algorithms (also known as ciphers). Data ONTAP enables you to enable or disable individual SSH key exchange algorithms and ciphers for the cluster or Storage Virtual Machines (SVMs) according to their SSH security requirements.
Managing public keys
You can associate, modify, or delete a public key to manage a user's authentication.
Managing digital certificates for server or client authentication
A digital certificate ensures that communications are transmitted in encrypted form and that information is sent privately and unaltered to only the specified server or from the authenticated client. You can generate a certificate signing request, create, install, sign, display, revoke, or delete a digital certificate for server or client authentication.
Managing access to web services
A web service is an application that users can access by using HTTP or HTTPS. The cluster administrator can set up the web protocol engine, configure SSL, enable a web service, and enable users of a role to access a web service.
Managing audit settings
Audit logging creates a chronological record of management activities. You can specify what types of activities in the management interface are audited.