Overview
The objective is to create a NAS role and user with the required permissions using the CLI.
NOTE: User name ‘nas-phoenix’ and role name ‘namespace’ are user-defined and can be set as needed.
Below are the steps to create a new role and user for NAS backups with Phoenix:
- Establish an SSH connection to any node in the Isilon cluster. 
- OPTIONAL – If a local user is needed, the following syntax can be used. Please be advised that a local user generally will not have access to the shares and a separate credential will need to be used to access the data.
    isi auth users create nas-phoenix --enabled True --set-password
- Create the “namespace” role in the System access zone with the required privileges by typing:
  (NOTE: The ‘namespace’ role name is user-defined and can be set as needed.)
    isi auth roles create namespace
    isi auth roles modify namespace --add-priv ISI_PRIV_LOGIN_PAPI
    isi auth roles modify namespace --add-priv ISI_PRIV_ROLE
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_TRAVERSE
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_IFS_ACCESS
    isi auth roles modify namespace --add-priv ISI_PRIV_NFS
    isi auth roles modify namespace --add-priv ISI_PRIV_SMB
    isi auth roles modify namespace --add-priv ISI_PRIV_SNAPSHOT
    isi auth roles modify namespace --add-priv ISI_PRIV_JOB_ENGINE
- Add the user to the newly created role:
  (NOTE: The user name ‘nas-phoenix’ is user-defined and can be set as needed. A domain account such as Domain\user_name or user_name@domain.com can also be used.)
  - Local
    isi auth roles modify namespace --add-user nas-phoenix
  - Domain
    isi auth roles modify namespace --add-user 'Domain\user_name'
 
- Check the available zones on the device by running the following command:
    isi zone zones list
- If additional zones are present besides ‘System’, repeat the steps below for each access zone that is to be protected. It is normal practice that additional zones are present.
  (NOTE: The ‘namespace’ role name and the user name ‘nas-phoenix’ should match what was used above. Replace ‘zone_name’ with the name of each zone that needs to be protected.)
    isi auth roles create namespace --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_LOGIN_PAPI --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_ROLE --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_TRAVERSE --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_IFS_ACCESS --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_NFS --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_SMB --zone zone_name
    isi auth roles modify namespace --add-user nas-phoenix --zone zone_name
  (Where nas-phoenix is the user intended to protect the device data.)
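
To confirm afterwards that the role in each zone holds exactly the privileges listed above and nothing more, the following sh script is an added example, not part of the original article or of any vendor tooling. Its audit_role function reads the text printed by `isi auth roles view namespace --zone zone_name` on stdin and relies only on the ISI_PRIV_* tokens in it; the function names and the sample output layout are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not vendor code): audit the backup role against this article's lists.

# Privileges the article grants in every access zone.
BASE_PRIVS="ISI_PRIV_LOGIN_PAPI ISI_PRIV_ROLE ISI_PRIV_NS_TRAVERSE ISI_PRIV_NS_IFS_ACCESS ISI_PRIV_NFS ISI_PRIV_SMB"
# Privileges the article grants only in the System zone.
SYSTEM_ONLY_PRIVS="ISI_PRIV_SNAPSHOT ISI_PRIV_JOB_ENGINE"

# expected_privs ZONE: print the privileges the article assigns in ZONE, sorted.
expected_privs() {
    if [ "$1" = "System" ]; then
        set -- $BASE_PRIVS $SYSTEM_ONLY_PRIVS
    else
        set -- $BASE_PRIVS
    fi
    printf '%s\n' "$@" | sort -u
}

# audit_role ZONE: read role details on stdin, print MISSING/EXTRA lines,
# return 0 when the role holds exactly the expected privileges, else 1.
audit_role() {
    expected=$(expected_privs "$1")
    actual=$(grep -oE 'ISI_PRIV_[A-Z0-9_]+' | sort -u)
    report=$(
        for p in $expected; do
            printf '%s\n' "$actual" | grep -qxF "$p" || echo "MISSING $p"
        done
        for p in $actual; do
            printf '%s\n' "$expected" | grep -qxF "$p" || echo "EXTRA $p"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample of role details for a non-System zone (layout is assumed):
# ISI_PRIV_SMB was never added and ISI_PRIV_SNAPSHOT was added by mistake.
SAMPLE_VIEW='       Name: namespace
    Members: nas-phoenix
 Privileges: ISI_PRIV_LOGIN_PAPI
             ISI_PRIV_ROLE
             ISI_PRIV_NS_TRAVERSE
             ISI_PRIV_NS_IFS_ACCESS
             ISI_PRIV_NFS
             ISI_PRIV_SNAPSHOT'

printf '%s\n' "$SAMPLE_VIEW" | audit_role zone_name || echo "role drifted from the article's list"
```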
