Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1327520.1
Update Date:2012-02-18
Keywords:

Solution Type  Technical Instruction Sure

Solution  1327520.1 :   Sun Storage 7000 Unified Storage System: permission denied when creating a snapshot. How can I add this privilege?  


Related Items
  • Sun Storage 7410 Unified Storage System
  •  
  • Sun ZFS Storage 7320
  •  
  • Sun Storage 7210 Unified Storage System
  •  
  • Sun Storage 7310 Unified Storage System
  •  
  • Sun Storage 7110 Unified Storage System
  •  
  • Sun ZFS Storage 7120
  •  
  • Sun ZFS Storage 7420
  •  
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
  •  
  • .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage
  •  




In this Document
  Goal
  Solution


Created from <SR 3-3742200541>

Applies to:

Sun Storage 7410 Unified Storage System - Version: Not Applicable to Not Applicable - Release: N/A to N/A
Sun Storage 7110 Unified Storage System - Version: Not Applicable and later    [Release: N/A and later]
Sun Storage 7210 Unified Storage System - Version: Not Applicable and later    [Release: N/A and later]
Sun Storage 7310 Unified Storage System - Version: Not Applicable and later    [Release: N/A and later]
Sun ZFS Storage 7120 - Version: Not Applicable and later    [Release: N/A and later]
7000 Appliance OS (Fishworks)
NAS head revision : [not dependent]
BIOS revision : [not dependent]
ILOM revision : [not dependent]
CLUSTER related : [no]

Goal

Trying to create Snapshot and got permission denied.  How do I add these privileges to my user.

Solution

If you need to add more than just basic privileges to a non-root/admin user, then you will have to give that user more privileges by creating ROLES and add them to the user.

As an example, to add project and share related privileges....

As the root user, go to the appliance BUI,
- then go to Configuration -> Users

  • Create a ROLE by clicking on the (+) icon and a popup will appear
  • Enter a name and description for your ROLE, this is freeform text but limitations apply to the ROLE name
  • Use the "Scope" pulldown to select "Projects and Shares"
  • You can select all of the authorities by ticking the top box or you can go through them and fine tune what you want.
  • After you are finished click ADD and then Apply
NOTE: before hitting the final "ADD" button to do a final save, notice by hitting the first "ADD" button the permissions are now listed - you can un-tick the privileges you don't need in the ROLE and click the trash icon to remove the privilege

Permissions

nas.*.*.* scheduleSnap, takeSnap, changeAccessProps, changeGeneralProps, changeProtocolProps, changeSpaceProps, changeUserQuota, clone, createProject, createShare, destroy, rename, rollback, rrsource, rrtarget, scrub, shadowMigration

Next,  add the ROLE to a USER (assuming you have already added a user)
  • Edit the User by moving your mouse over the user and click the edit icon (pencil)
  • You will now see that you have more than just the basic ROLE.
  • Tick the newly created role for shares/projects/snapshots and click "Apply" to save
There are many privileges you can add to your users by checking each category and deciding which fits best for a user.

We have found it is best to have two separate browsers open with the user who's privileges your are modifying and the other with the root user. That way you can make a change to a role with the root user and test the privilege with the non-root user in the other browser.

Just make sure you keep an eye who is logged in to the BUI in the upper right hand corner. USER@appliance_name

Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback