NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

Active IQ Unified Manager Discussions

vserver show api missing from ontap?

elic_co
2,193 Views

Hello everyone,

I ran into an issue where I created a specific role for a customer of mine. the customer connects directly to an svm using perl api implementation. one of the commands he runs is "vserver show" which translates to "vserver-get" or "vserver-get-iter" and I can see that by using "security login role show-ontapi -command "vserver show" even from the svm contetxt.

The problem starts when I as the cluster admin try to add to the role the command "security login role create -role customer_role -vserver customer_vs -cmddirname "vserver show"-access all" and I get the error "command failed: invalid operation"

 

does anyone have a clue why this happens? is there a way to fix it?

I was to somehow workaround this by adding all the "vserver" cmddirname with readonly access but it allows him to view many more flags under the vserver command that I would like to hide. 

anyone with a solution?

 

Thanks in advance

 

Forgot to mention - talking about ontap 9.3 and also tested on ontap select 9.4 with the same error on all of them

0 REPLIES 0
Public