You need to understand what users, groups, roles, and capabilities are, so that you can grant different levels of administrative access to users of a storage system.
- user:
- An account that is authenticated on the storage system. Users can be placed into storage system groups to grant them capabilities on the storage system.
- domainuser:
- A nonlocal user who belongs to a Windows domain and is authenticated by the domain. This type of user can be put into storage system groups, thereby being granted capabilities on the storage system. This only works if CIFS has been set up on the storage system.
- group:
- A collection of users and domainusers that can be granted one or more roles. Groups can be predefined, created, or modified. When CIFS is enabled, groups act as Windows groups.
- role:
- A set of capabilities that can be assigned to a group. Roles can be predefined, created, or modified.
- capability:
- The privilege granted to a role to execute commands or take other specified actions. Types of capabilities include:
- Login rights
- Data ONTAP CLI (command-line interface) rights
- Data ONTAP API (application programming interface) rights
- Security rights
