Host-based backup of VMware vSphere VMs.
Post Reply
thomas321
Influencer
Posts: 16
Liked: never
Joined: Jan 11, 2017 5:05 pm
Full Name: T
Contact:

NetApp RBAC role without Snapshot removal permission

Post by thomas321 »

Hi there,

is it possible to create a NetApp RBAC role which allows Veeam to use direct storage access, browse volumes and snapshots and also allows restores BUT disallows removing snapshots?
In the whitepaper "netapp-configuration-best-practices-guide_wpp.pdf" I read on page 39 "snapshot all" is required but I was hoping there might be a way to do it with read-only permissions.


Thanks!
Andreas Neufert
VP, Product Management
Posts: 6707
Liked: 1401 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: NetApp RBAC role without Snapshot removal permission

Post by Andreas Neufert »

Hi Thomas,

I have asked our NetApp team to comment.
Please give them some time.
rennerstefan
Veeam Software
Posts: 627
Liked: 146 times
Joined: Jan 22, 2015 2:39 pm
Full Name: Stefan Renner
Location: Germany
Contact:

Re: NetApp RBAC role without Snapshot removal permission

Post by rennerstefan »

Hi Thomas,

the user permission mentioned in the whitepaper are the ones that are the minimum.
Snapshot removal is a key element of the whole integration as even the features you ask for (direct storage access, browse volumes and snapshots) require that we create snapshots (bfss) as well as delete them after the backup is done.
There might be features that don't require snapshot deletion at the first hand but I would highly recommend to leave the delete right assigned to the use.

At the end, you can feel free to try removing the "ALL" and change it to something else but as you see that will not only impact the deletion but also the creation of the snapshot.
So changing the access rights would mean you have to specify "volume snapshot create/delete/modify" instead of "snapshot".
Of course my advise is to try this in a lab instead of production.

Long story short, from a Veeam side the user access rights mentioned in the guide are the ones we defined as minimum and the ones that are supported by us.
Any other user rights and roles are up to you to support and make sure the customer/user gets the right solution in place.

Feel free to reach out on further questions.
Stefan Renner

Veeam PMA
Post Reply

Who is online

Users browsing this forum: No registered users and 104 guests