Hi there,
is it possible to create a NetApp RBAC role which allows Veeam to use direct storage access, browse volumes and snapshots and also allows restores BUT disallows removing snapshots?
In the whitepaper "netapp-configuration-best-practices-guide_wpp.pdf" I read on page 39 "snapshot all" is required but I was hoping there might be a way to do it with read-only permissions.
Thanks!
-
thomas321
- Influencer
- Posts: 16
- Liked: never
- Joined: Jan 11, 2017 5:05 pm
- Full Name: T
- Contact:
-
Andreas Neufert
- VP, Product Management
- Posts: 7077
- Liked: 1510 times
- Joined: May 04, 2011 8:36 am
- Full Name: Andreas Neufert
- Location: Germany
- Contact:
Re: NetApp RBAC role without Snapshot removal permission
Hi Thomas,
I have asked our NetApp team to comment.
Please give them some time.
I have asked our NetApp team to comment.
Please give them some time.
-
rennerstefan
- Veeam Software
- Posts: 688
- Liked: 150 times
- Joined: Jan 22, 2015 2:39 pm
- Full Name: Stefan Renner
- Location: Germany
- Contact:
Re: NetApp RBAC role without Snapshot removal permission
Hi Thomas,
the user permission mentioned in the whitepaper are the ones that are the minimum.
Snapshot removal is a key element of the whole integration as even the features you ask for (direct storage access, browse volumes and snapshots) require that we create snapshots (bfss) as well as delete them after the backup is done.
There might be features that don't require snapshot deletion at the first hand but I would highly recommend to leave the delete right assigned to the use.
At the end, you can feel free to try removing the "ALL" and change it to something else but as you see that will not only impact the deletion but also the creation of the snapshot.
So changing the access rights would mean you have to specify "volume snapshot create/delete/modify" instead of "snapshot".
Of course my advise is to try this in a lab instead of production.
Long story short, from a Veeam side the user access rights mentioned in the guide are the ones we defined as minimum and the ones that are supported by us.
Any other user rights and roles are up to you to support and make sure the customer/user gets the right solution in place.
Feel free to reach out on further questions.
the user permission mentioned in the whitepaper are the ones that are the minimum.
Snapshot removal is a key element of the whole integration as even the features you ask for (direct storage access, browse volumes and snapshots) require that we create snapshots (bfss) as well as delete them after the backup is done.
There might be features that don't require snapshot deletion at the first hand but I would highly recommend to leave the delete right assigned to the use.
At the end, you can feel free to try removing the "ALL" and change it to something else but as you see that will not only impact the deletion but also the creation of the snapshot.
So changing the access rights would mean you have to specify "volume snapshot create/delete/modify" instead of "snapshot".
Of course my advise is to try this in a lab instead of production.
Long story short, from a Veeam side the user access rights mentioned in the guide are the ones we defined as minimum and the ones that are supported by us.
Any other user rights and roles are up to you to support and make sure the customer/user gets the right solution in place.
Feel free to reach out on further questions.
Stefan Renner
Veeam PMA
Veeam PMA
Who is online
Users browsing this forum: No registered users and 29 guests