docs(auditor): verify and correct permissions for NetApp Auditing [Doc Task 439286]

[nwnikacc]

Summary

• Moved Remember note about vsadmin to a dedicated section at the bottom of the page with expanded description
• Added ONTAPI vs. REST API section with guidance on when to use each protocol, including the AD group limitation in ONTAP 9.10+
• Added NetApp Built-in vsadmin Role section with when-to-use / when-to-prefer-granular-roles guidance
• Moved NetApp documentation links to a Related Resources section
• Removed duplicate NOTE from Step 3 of Create Role procedure (now covered by the new ONTAPI vs. REST API section)

Test plan

• Verify all internal anchor links resolve correctly
• Verify NetApp external links are reachable
• Review formatting of NOTE: blocks and tables

Relates to: Doc Task 439286 — [FSA] Verify and correct the "Permissions for NetApp Auditing" doc

Generated with AI

Co-Authored-By: Claude Code ai@netwrix.com

[github-actions]

Auto-Fix Summary

11 issues fixed, 1 skipped across 1 files

Category	Fixes
Contractions	2
BoilerplateCrossRef (rewrite)	1
Dale: idioms	2
Dale: passive-voice	6

Skipped (needs manual review)	Reason

| docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md:12 — Dale: undefined-acronyms | SVM and ONTAPI are NetApp-specific acronyms used without spelled-out form on first use, but in a NetApp configuration article the target audience (NetApp/Auditor admins) is reliably familiar with them; expanding them mid-prose would change the article's voice and scope beyond a Dale fix |

Ask @claude on this PR if you'd like an explanation of any fix.

[nwnikacc]

Fix complete:

• Introduce ZAPI synonym in opening sentence (line 59)
• Fix "modern ONTAP versions" vague qualifier (line 68)
• Remove duplicate REST API link — kept only in Related Resources (line 73)
• Add forward reference for netwrix_role / netwrix_rest_role in NOTE (line 71)
• Add vsadmin forward pointer in ONTAPI vs. REST API section
• Clarify AD domain account bullet reason (line 159)
• Commit and push

Summary:

• docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md: 6 editorial issues fixed. Issue 5 (idiom "rule out") was already resolved by the Vale/Dale auto-fix workflow.

[github-actions]

Auto-Fix Summary

3 issues fixed, 3 skipped across 1 files

Category	Fixes
Dale: passive-voice	1
Dale: positional-references	1
Dale: undefined-acronyms	1

Skipped (needs manual review)	Reason

| docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md:73 — Dale: minimizing-difficulty | 'A simple setup' describes an attribute of the configuration approach, not the difficulty of a user task |
| docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md:151 — Dale: minimizing-difficulty | 'A simple setup' describes the configuration approach as a characteristic, not minimizing user task difficulty |
| docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md:48 — Dale: undefined-acronyms | 'RestAPI' / 'RESTAPI' is a stylistic/consistency issue (should be 'REST API'); REST is a well-known IT term familiar to sysadmin audiences |

Ask @claude on this PR if you'd like an explanation of any fix.

[andrey-isakov-nwx]

[Low] Inconsistent "RESTAPI" vs "REST API" terminology

Pre-existing lines in the Create Role section still use RESTAPI (no space) while all new sections added by this PR use REST API (with space):

• Line 82: netwrix_rest_role for RESTAPI
• Line 95 heading: Create RESTAPI role:
• Line 121 heading: RESTAPI role:
• Line 137 heading: Create login for RESTAPI role:

Suggested fix: Replace RESTAPI → REST API in the Create Role section (headings and inline references) to match the terminology used throughout the rest of the page.

[andrey-isakov-nwx]

[Low] vsadmin section lacks upfront privilege warning

The section opens by saying the role "grants full SVM administrative access" but places the security guidance only in the "Granular roles are preferable when" bullet list below. A reader skimming for a simple setup may choose vsadmin in a production environment without reading the caveat.

Suggested fix: Add a NOTE before the bullet lists, e.g.:

NOTE: The vsadmin role grants broad SVM administrative privileges beyond what Netwrix Auditor requires. Use granular custom roles in production environments following the least-privilege principle.

[andrey-isakov-nwx]

[Low] AD domain account bullet in granular-roles section lacks explanation

Line 159: "You use an AD domain account for data collection (see Create Role…)" links to the procedure but does not explain why AD accounts require granular roles — readers must follow the link and infer.

Suggested fix: Expand to: "You use an AD domain account for data collection — AD accounts must be assigned a custom role because the vsadmin role cannot be directly assigned to domain accounts via the ONTAPI/HTTP login mechanism (see Create Role on NetApp Clustered Data ONTAP 8 or ONTAP 9 and Enabling AD User Access)."

[github-actions]

Auto-Fix Summary

2 issues fixed, 3 skipped across 1 files

Category	Fixes
Dale: passive-voice	1
Dale: wordiness	1

Skipped (needs manual review)	Reason

| docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md:12 — Dale: undefined-acronyms | ONTAPI is a product name (ONTAP API) and is explained in the cross-referenced section that follows; spelling out inline would be redundant |
| docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md:152 — Dale: wordiness | 'There are no restrictions on using a highly privileged SVM account' — rewording could alter the precise meaning of the constraint being described |
| docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md:73 — Dale: headings (style guidance) | Heading mixes imperative 'Create' and gerund 'Enabling'; not covered by a Dale rule, and rewording could change established anchor structure |

Ask @claude on this PR if you'd like an explanation of any fix.

[github-actions]

Auto-Fix Summary

1 issues fixed, 3 skipped across 1 files

Category	Fixes
Dale: passive-voice	1

Skipped (needs manual review)	Reason

| docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md:57 — Dale: passive-voice | '(also known as ZAPI)' is a fixed parenthetical expression; rewriting would change tone and clarity. |
| docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md:147 — Dale: misplaced-modifiers | 'Use granular custom roles in production environments following the principle of least privilege' has a participial phrase that could attach to either 'environments' or the implied 'you'; meaning is clear in context and rewrites risk altering nuance. |
| docs/auditor/10.8/configuration/fileservers/netappcmode/permissions.md:158 — Dale: passive-voice | 'The SVM is shared' uses 'shared' as a stative adjective describing SVM configuration; rewriting to specify an agent would change meaning. |

Ask @claude on this PR if you'd like an explanation of any fix.