Additional troubleshooting info for "Blocking User Access"

pixelchrome commented 2 months ago

Summary

The following can be added to the Troubleshooting part of Blocking User Access https://docs.netapp.com/us-en/cloudinsights/cs_restrict_user_access.html#troubleshooting

Note: Restarting the data collectors cleared an issue with a wrong 'cached' username.

I'm getting the Error Message SID translate failed. Reason:255:Error: command failed: not authorized for that commandError: "access-check" is not a recognized command when a user should have been blocked.

This can happen is csuser does not have correct permissions. See https://docs.netapp.com/us-en/cloudinsights/cs_restrict_user_access.html#prerequisites-for-user-access-blocking After applying the permissions, it is recommended to restart the ONTAP data collector and User Directory data collector.

security login role create -role csrole -cmddirname "vserver export-policy rule" -access all
security login role create -role csrole -cmddirname set -access all
security login role create -role csrole -cmddirname "vserver cifs session" -access all
security login role create -role csrole -cmddirname "vserver services access-check authentication translate" -access all
security login role create -role csrole -cmddirname "vserver name-mapping" -access all

Public issues must not contain sensitive information

[X] This issue contains no sensitive information.

netapp-alavoie commented 2 months ago

Hi Harald!

This seems like a good troubleshooting tip, and I will go ahead and add it.

netapp-alavoie commented 2 months ago

This troubleshooting tip is now live on the page.

NetAppDocs / cloudinsights

Additional troubleshooting info for "Blocking User Access" #2581

Summary

Public issues must not contain sensitive information