Active IQ Unified Manager Discussions

vserver show api missing from ontap?

elic_co

Hello everyone,

I ran into an issue where I created a specific role for a customer of mine. the customer connects directly to an svm using perl api implementation. one of the commands he runs is "vserver show" which translates to "vserver-get" or "vserver-get-iter" and I can see that by using "security login role show-ontapi -command "vserver show" even from the svm contetxt.

The problem starts when I as the cluster admin try to add to the role the command "security login role create -role customer_role -vserver customer_vs -cmddirname "vserver show"-access all" and I get the error "command failed: invalid operation"

 

does anyone have a clue why this happens? is there a way to fix it?

I was to somehow workaround this by adding all the "vserver" cmddirname with readonly access but it allows him to view many more flags under the vserver command that I would like to hide. 

anyone with a solution?

 

Thanks in advance

 

Forgot to mention - talking about ontap 9.3 and also tested on ontap select 9.4 with the same error on all of them

Earn Rewards for Your Review!
GPI Review Banner
All Community Forums
Public