Skip to main content
All CollectionsKnowledge BaseEnterprise WorkloadsHow To - Enterprise Workloads
Nas backup - Create a NAS role and user on Isilon with required permissions using CLI
Nas backup - Create a NAS role and user on Isilon with required permissions using CLI
Updated over 10 months ago

Overview

The objective is to create a NAS role and user with required permissions using CLI.

Procedure title

NOTE:User name ‘nas-phoenix’ and role name ‘namespace’ are user-defined and can be set as needed.

Below are the steps to create a new role and user for NAS backups with Phoenix:

  1. Establish an SSH connection to any node in the Isilon cluster.

  2. OPTIONAL – If a local user is needed then the following syntax can be used. Please be advised that a local user generally will not have access to the shares and a separate credential will need to be used to access the data.

    isi auth users create nas-phoenix --enabled True --set-password
  3. Create the “namespace” role in the system access zone with the required privileges by typing:
    (NOTE: namespace role name is user-defined and can be set as needed.)

    isi auth roles create namespace
        isi auth roles modify namespace --add-priv ISI_PRIV_LOGIN_PAPI
        isi auth roles modify namespace --add-priv ISI_PRIV_ROLE
        isi auth roles modify namespace --add-priv ISI_PRIV_NS_TRAVERSE
        isi auth roles modify namespace --add-priv ISI_PRIV_NS_IFS_ACCESS
        isi auth roles modify namespace --add-priv ISI_PRIV_NFS
        isi auth roles modify namespace --add-priv ISI_PRIV_SMB
        isi auth roles modify namespace --add-priv ISI_PRIV_SNAPSHOT
        isi auth roles modify namespace --add-priv ISI_PRIV_JOB_ENGINE
  4. Add the user to the newly created role:
    (NOTE: username ‘nas-phoenix’ name is user-defined and can be set as needed, and can use a domain account like Domain\user_name or user_name@domain.com )

    1. Local

      isi auth roles modify namespace --add-user nas-phoenix
    2. Domain

      isi auth roles modify namespace --add-user Domain\user_name
  5. Check the available zones on the device by running the following command. :

    isi zone zones list
  6. If additional zones are present besides ‘System” then repeat the steps below for each access zone that is to be protected. It is normal practice that additional zones are present.
    (NOTE: The ‘namespace’ role name, user name ‘nas-phoenix’ should match what was used above. The ‘zone_name’ should be replaced for each zone needing to be protected)

    isi auth roles create namespace –zone zone_name
        isi auth roles modify namespace --add-priv ISI_PRIV_LOGIN_PAPI –zone zone_name
        isi auth roles modify namespace --add-priv ISI_PRIV_ROLE –zone zone_name
        isi auth roles modify namespace --add-priv ISI_PRIV_NS_TRAVERSE –zone zone_name
        isi auth roles modify namespace --add-priv ISI_PRIV_NS_IFS_ACCESS –zone zone_name
        isi auth roles modify namespace --add-priv ISI_PRIV_NFS –zone zone_name
        isi auth roles modify namespace --add-priv ISI_PRIV_SMB –zone zone_name
        isi auth roles modify namespace --add-user nas-phoenix –zone zone_name


    (Where nas-phoenix is the user intended to protect the device data.)

See also

Did this answer your question?