Highlighted

EMC Filer Celerra Scan user permissions

In the admin guide on ading the credentials required for an EMC Celerra the following is detailed. 

Credentials required for scanning of shares.

Required for scanning of shares from the EMC filer. This credential belongs to the user in the domain of which the EMC filer is a part.

Additionally, to be able to obtain share-level ACLs, the credentials must belong to the Domain Administrators group on the file server. You do not need this privilege if you do not want to get the share-level ACLs. In this case you will only need privileges to mount the share and scan the file system heirarchy.

 

For the ability to obtain the share ACLs - to be clear does the user need to be a local admin on the filer, or a Domain administrator of the domain in which the filer and shares exist. The language to isn't clear what is being requested.

Thanks
David

1 Reply

Re: EMC Filer Celerra Scan user permissions

David the share-level permissions are outside of the ACL and to retrieve them you need to be able to access the share security. For that purpose you need the Admin rights granted via the Domain Administrators group on the filer.

The reason for a domain user from Active Directory as describe under the credentials is so the EMC cava and the collector scanning can run under the same context.

You may add an Active Directory user to the group if desired.
Typically you can use the Microsoft Management Console (MMC) for review the users for the array.

Note: there are some compatibility issues depending on the MS platform version and the DART version on the Celerra.

There is also EMC tools such as the EMC Unisphere (login as root) where you can choose your Celerra server from the drop-down list at the top of the EMC Unisphere toolbar. Once within the array, Click the Settings icon in the EMC Unisphere toolbar and then click Security where you should be able to Select Local Users and groups to continue with your review / changes.

Your question likely comes from these instructions, and you will need to add the proper user under the credential section of the options for adding a celerra filer to the Data Insight environment. Hopefully it is more clear when viewed as why you need the particular level of security for your user rather than just the description of the user's capabilities.


Rod