Trident expects to be run as either an ONTAP or SVM administrator, typically
using the admin
cluster user or a vsadmin
SVM user, or a user with a
different name that has the same role. For Amazon FSx for ONTAP deployments, Trident expects to be run as either an ONTAP or SVM administrator, using the cluster fsxadmin
user or a vsadmin
SVM user, or a user with a different name that has the same role. The fsxadmin
user is a limited replacement for the cluster admin user.
Note
If you use the limitAggregateUsage
parameter, cluster admin permissions are required. When using Amazon FSx for ONTAP with Trident, the limitAggregateUsage
parameter will not work with the vsadmin
and fsxadmin
user accounts. The configuration operation will fail if you specify this parameter.
While it is possible to create a more restrictive role within ONTAP that a Trident driver can use, we don't recommend it. Most new releases of Trident will call additional APIs that would have to be accounted for, making upgrades difficult and error-prone.