Click Create Tenant.
Complete the fields in the General tab:
Trash Folder GID
If you want to allow access to the trash folder for non root NFSv3 users serviced by the tenant, enter the GID of a user group that you want to use for this purpose in the Trash folder GID field. Users who belong to this group will have permission to move files into the trash folder.
Default share level ACL for others
Optionally set the default 'Everyone' Group share-level permission for the tenant. This default permission affects all views associated with the tenant where share-level ACL is disabled. The permission can be set to read, change or full control. By default, it is set to full control.
For more information about share level ACLs , see Share-Level ACLs.
If encryption is enabled on the cluster with External Key Management (EKM), enter the Cloud Resource Number (CRN) that identifies the tenant's encryption group on the connected EKM provider. Encryption CRN is required for tenant creation if EKM encryption is enabled.
For more information about EKM encryption, see Encryption of Data at Rest.
Enable privileged domain user restore access
Enabled (default). The SMB privileged user is enabled.
Disabled. The SMB privileged user is disabled.
Enable privileged domain group backup access
Enable privileged group restore access
Enabled (default). The SMB privileged user group has read and write control access. Members of the group can perform backup and restore operations on all files and directories, without requiring read or write access to the specific files and directories.
Disabled. The SMB privileged user group has read control access. Members of the group can perform backup operations on all files and directories without requiring read access to the specific files and directories. They cannot perform restore operations without write access to the specific files and directories.
Logon name of the privileged domain user
Optional custom user name for the SMB privileged user. If not set, the user name is 'vastadmin'.
SID of the privileged domain group
Specify a custom group SID in order to have a working privileged group with backup operator privileges. If not set, the SMB privileged group is set to the Backup Operators domain group (S-1-5-32-551), which, due to a known issue, does not receive backup operator privileges.
Local administrators group name
Optional custom name to set for a non default privileged group. If not specified, the privileged group name is Backup Operators.
On the Providers tab:
Select which external authorization providers should be enabled for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Provider and Protocol Combinations.
If you enable more than one provider, select one of the providers from the POSIX Primary Provider dropdown to take precedence over the other providers in case of any conflicts between attribute values when user information is retrieved from the providers.
On the Tenant Access tab, configure tenant access. These settings are optional. See Providing Client Access to Tenants for more information.
Client IP Ranges List
Use this section to specify which client IPs can access the tenant.
To add a range of client IPs, click Add IP Range and then enter the Start IP and End IP for the range.
To remove a range, click the Remove button for the range.
VIP Pool Ranges List
Use this section to control which VIP pools are dedicated to the tenant:
To dedicate a VIP pool to the tenant, select the VIP pool from the dropdown.
The VIP pool is added to the list of VIP pools.
To make a VIP pool that is already dedicated to the tenant global (available to all tenants), click the Make Global button for the VIP pool.
The tenant is created and appears in the listing of tenants in the Tenants tab.
To create a tenant from the VAST CLI, use the tenant create command.