Sun Storage 7000 Unified Storage System: permission denied when creating a snapshot. How can I add this privilege?

Asset ID:	1-71-1327520.1
Update Date:	2012-02-18
Keywords:

Solution Type Technical Instruction Sure

Solution 1327520.1 : Sun Storage 7000 Unified Storage System: permission denied when creating a snapshot. How can I add this privilege?

Applies to:

Sun Storage 7410 Unified Storage System - Version: Not Applicable to Not Applicable - Release: N/A to N/A
Sun Storage 7110 Unified Storage System - Version: Not Applicable and later    [Release: N/A and later]
Sun Storage 7210 Unified Storage System - Version: Not Applicable and later    [Release: N/A and later]
Sun Storage 7310 Unified Storage System - Version: Not Applicable and later    [Release: N/A and later]
Sun ZFS Storage 7120 - Version: Not Applicable and later    [Release: N/A and later]
7000 Appliance OS (Fishworks)
NAS head revision : [not dependent]
BIOS revision : [not dependent]
ILOM revision : [not dependent]
CLUSTER related : [no]

Goal

Trying to create Snapshot and got permission denied. How do I add these privileges to my user.

Solution

If you need to add more than just basic privileges to a non-root/admin user, then you will have to give that user more privileges by creating ROLES and add them to the user.

As an example, to add project and share related privileges....

As the root user, go to the appliance BUI,
- then go to Configuration -> Users

Create a ROLE by clicking on the (+) icon and a popup will appear
Enter a name and description for your ROLE, this is freeform text but limitations apply to the ROLE name
Use the "Scope" pulldown to select "Projects and Shares"
You can select all of the authorities by ticking the top box or you can go through them and fine tune what you want.
After you are finished click ADD and then Apply

NOTE: before hitting the final "ADD" button to do a final save, notice by hitting the first "ADD" button the permissions are now listed - you can un-tick the privileges you don't need in the ROLE and click the trash icon to remove the privilege

Permissions

nas.*.*.* scheduleSnap, takeSnap, changeAccessProps, changeGeneralProps, changeProtocolProps, changeSpaceProps, changeUserQuota, clone, createProject, createShare, destroy, rename, rollback, rrsource, rrtarget, scrub, shadowMigration

Next, add the ROLE to a USER (assuming you have already added a user)

Edit the User by moving your mouse over the user and click the edit icon (pencil)
You will now see that you have more than just the basic ROLE.
Tick the newly created role for shares/projects/snapshots and click "Apply" to save

There are many privileges you can add to your users by checking each category and deciding which fits best for a user.

We have found it is best to have two separate browsers open with the user who's privileges your are modifying and the other with the root user. That way you can make a change to a role with the root user and test the privilege with the non-root user in the other browser.

Just make sure you keep an eye who is logged in to the BUI in the upper right hand corner. USER@appliance_name

Attachments

This solution has no attachment