Table of ContentsView in Frames

Delegating administration to SVM administrators

After setting up a functional Storage Virtual Machine (SVM) with basic network configuration, you can optionally delegate the administration of the SVM to the SVM administrator. You can delegate the SVM administration by creating and assigning user accounts either with predefined roles or customized roles.

Before you begin

If you want to delegate the SVM administration with any customized roles, you must have created customized roles by using the security login role create command.

Steps

  1. Use the vserver show -fields aggr-list command to verify if the SVM has any aggregates assigned.
    Note: If no aggregates are assigned to the SVM, the SVM administrator cannot create volumes.
  2. If the SVM does not have any assigned aggregates, use the vserver add-aggregates command to specify aggregates in the aggregates list of the SVM.
    Note: You cannot assign the root aggregate "aggr0" for any SVM.
    Example
    The following command specifies the aggregate aggr1 for the SVM vs1.example.com:
    cluster1::> vserver add-aggregates -vserver vs1.example.com -aggregates aggr1
    
  3. For the SVM administrator administering an SVM with FlexVol volume, use the vserver modify command with the max-volumes option to specify the maximum number of volumes that the SVM administrator can create on that SVM.
    Example
    The following command specifies the maximum number of volumes for the SVM vs1.example.com:
    cluster1::> vserver modify -vserver vs1.example.com -max-volumes 10
    
  4. Use the vserver add-protocols or vserver remove-protocols command to specify the protocols for the SVM.
    Example
    The following command specifies the CIFS protocol for the SVM vs1.example.com:
    cluster1::> vserver add-protocols -vserver vs1.example.com -protocols cifs
    
    Only the specified protocols are available for configuration and data access.
  5. For SVM management, create a new LIF or use one of the data LIFs.
    Important: You cannot use data LIFs configured for SAN protocols for SVM management.
    If you want to... Then...
    Create a new LIF for SVM management
    1. Identify the IPspace assigned to the SVM by using the vserver show command:
      cluster1::> vserver show -vserver vs1.example.com -fields ipspace
      vserver         ipspace
      ------------    -------
      vs1.example.com ipspace1
      
    2. Select a port from the same IPspace as the SVM by using the network port show command:
      cluster1::> network port show -ipspace ipspace1
                                                                    Speed (Mbps)
      Node        Port    IPspace    Broadcast Domain Link   MTU    Admin/Oper
      ------      ------- ---------- ---------------- ----- ------- ------------
      cluster1-01  e0c    ipspace1   192.0.2.120/24   up   1500     auto/1000
      ....
      ....
      
      
    3. Create a LIF by using the network interface create command.
      The following command creates the data LIF lif3 on the port e0c that belongs to IPspace ipspace1 for the SVM vs1.example.com belonging to ipspace1:
      cluster1::> network interface create -vserver vs1.example.com -lif lif3 -data-protocol 
      none -role data -home-node node1-01 -home-port e0c -address 192.0.2.129 
      -netmask 255.255.255.128
    Use a LIF for NFS, CIFS, and SVM management Change the firewall policy to mgmt by using the network interface modify command.
    The following command modifies the data LIF lif1 for the SVM vs1.example.com to support SVM management:
    cluster1::>network interface modify -vserver vs1.example.com -lif lif1 -firewall-policy mgmt
  6. Depending on the type of SVM administrator roles, perform the appropriate action:
    If you want to use... Then...

    vsadmin, a predefined role that is created and is in the locked state when the SVM is created

    1. Set up a password by using the security login password command:
      1. Enter a password for the user account.
      2. Confirm the password by reentering it.
      The following command sets up a password for the user account vsadmin on the SVM vs1.example.com:
      cluster1::>security login password -username vsadmin -vserver vs1.example.com 
      Please enter a password for user 'vsadmin':
      Please enter it again:
      
      cluster1::>
    2. Unlock the user account by using the security login unlock command.
      The following command unlocks the user account vsadmin for the SVM vs1.example.com:
      cluster1::> security login unlock -username vsadmin -vserver vs1.example.com
    Any customized role or other predefined roles, such as vsadmin-volume, vsadmin-protocol, or vsadmin-readonly Create a user account with a role by using the security login create command:
    1. Enter a password for the user account.
    2. Confirm the password by reentering it.
    The following command creates the user account user1 with vsadmin-readonly role for the SVM vs1.example.com:
    cluster1::> security login create -user-or-group-name user1 
    -application ssh -authmethod password -vserver vs1.example.com -role vsadmin-readonly
    Please enter a password for user 'user1':
    Please enter it again:
    
    cluster1::>
    

Result

After you assign the SVM to an SVM administrator, the SVM administrator can log in to the SVM by using the user name, password, and the management IP address.