You can use the default system administration account, or root, for managing a storage system. You can also create additional administrator user accounts.
The following are the reasons for creating administrator accounts:
- You can specify administrators and groups of administrators to have differing degrees of administrative access to your storage systems.
- You can limit an administrator’s access to specific storage systems by giving him or her an administrative account on only those systems.
- Having different administrative users allows you to display information about who is performing what commands on the storage system.
The auditlog file keeps a record of all administrator operations performed on the storage system and the administrator who performed it, as well as any operations that failed due to insufficient capabilities.
- You assign each administrator to one or more groups whose assigned roles (sets of capabilities) determine what operations that administrator is authorized to carry out on the storage system.
- If a storage system running CIFS is a member of a domain or a Windows workgroup, domainuser accounts authenticated on the Windows domain can access the storage system using Telnet, RSH, SSH, FilerView, Data ONTAP APIs, and Windows Remote Procedure Calls (RPCs).
For more information about authenticating users using Windows domains, see the section on user accounts in the CIFS chapter of the Data ONTAP File Access and Protocols Management Guide.