topic Security role limit ? in ONTAP Discussions https://community.netapp.com/t5/ONTAP-Discussions/Security-role-limit/m-p/118221#M25251 <P>&nbsp;</P><P><FONT size="2">I want to create a role to create qtree and quota only (create + show) and not delete, the role will be used for PowerShell scripting.</FONT><BR /><FONT size="2">No problem for qtree create, show, delete is refused.</FONT><BR /><FONT size="2">For quota when i change one of the 4 privileges (create, delete, modify, show) the 3 others are automaticaly modified...</FONT></P><P>&nbsp;</P><P><BR />s<FONT color="#0000FF">ecurity login role create -vserver SVM-TEST -role admin_qtree -cmddirname "volume qtree create" -access all</FONT><BR /><FONT color="#0000FF">security login role create -vserver SVM-TEST -role admin_qtree -cmddirname "volume qtree show" -access all</FONT><BR /><FONT color="#0000FF">security login role create -vserver SVM-TEST -role admin_qtree -cmddirname "volume quota policy rule create" -access all</FONT></P><P><FONT color="#0000FF">Warning: This operation will also affect the following commands:</FONT><BR /><FONT color="#0000FF">"volume quota policy rule delete"</FONT><BR /><FONT color="#0000FF">"volume quota policy rule modify"</FONT><BR /><FONT color="#0000FF">"volume quota policy rule show"</FONT></P><P><FONT color="#0000FF">security login role show -vserver SVM-TEST -role admin_qtree</FONT><BR /><FONT color="#0000FF">Role Command/ Access</FONT><BR /><FONT color="#0000FF">Vserver Name Directory Query Level</FONT><BR /><FONT color="#0000FF">---------- ------------- --------- ----------------------------------- --------</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree DEFAULT none</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree version readonly</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume qtree create all</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume qtree show all</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume quota policy rule create all</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume quota policy rule delete all</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume quota policy rule modify all</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume quota policy rule show all</FONT><BR /><FONT color="#0000FF">8 entries were displayed.</FONT></P> Wed, 04 Jun 2025 21:26:34 GMT ECOIFFE 2025-06-04T21:26:34Z Security role limit ? https://community.netapp.com/t5/ONTAP-Discussions/Security-role-limit/m-p/118221#M25251 <P>&nbsp;</P><P><FONT size="2">I want to create a role to create qtree and quota only (create + show) and not delete, the role will be used for PowerShell scripting.</FONT><BR /><FONT size="2">No problem for qtree create, show, delete is refused.</FONT><BR /><FONT size="2">For quota when i change one of the 4 privileges (create, delete, modify, show) the 3 others are automaticaly modified...</FONT></P><P>&nbsp;</P><P><BR />s<FONT color="#0000FF">ecurity login role create -vserver SVM-TEST -role admin_qtree -cmddirname "volume qtree create" -access all</FONT><BR /><FONT color="#0000FF">security login role create -vserver SVM-TEST -role admin_qtree -cmddirname "volume qtree show" -access all</FONT><BR /><FONT color="#0000FF">security login role create -vserver SVM-TEST -role admin_qtree -cmddirname "volume quota policy rule create" -access all</FONT></P><P><FONT color="#0000FF">Warning: This operation will also affect the following commands:</FONT><BR /><FONT color="#0000FF">"volume quota policy rule delete"</FONT><BR /><FONT color="#0000FF">"volume quota policy rule modify"</FONT><BR /><FONT color="#0000FF">"volume quota policy rule show"</FONT></P><P><FONT color="#0000FF">security login role show -vserver SVM-TEST -role admin_qtree</FONT><BR /><FONT color="#0000FF">Role Command/ Access</FONT><BR /><FONT color="#0000FF">Vserver Name Directory Query Level</FONT><BR /><FONT color="#0000FF">---------- ------------- --------- ----------------------------------- --------</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree DEFAULT none</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree version readonly</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume qtree create all</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume qtree show all</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume quota policy rule create all</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume quota policy rule delete all</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume quota policy rule modify all</FONT><BR /><FONT color="#0000FF">SVM-TEST admin_qtree volume quota policy rule show all</FONT><BR /><FONT color="#0000FF">8 entries were displayed.</FONT></P> Wed, 04 Jun 2025 21:26:34 GMT https://community.netapp.com/t5/ONTAP-Discussions/Security-role-limit/m-p/118221#M25251 ECOIFFE 2025-06-04T21:26:34Z