I ran into an issue where I created a specific role for a customer of mine. the customer connects directly to an svm using perl api implementation. one of the commands he runs is "vserver show" which translates to "vserver-get" or "vserver-get-iter" and I can see that by using "security login role show-ontapi -command "vserver show" even from the svm contetxt.
The problem starts when I as the cluster admin try to add to the role the command "security login role create -role customer_role -vserver customer_vs -cmddirname "vserver show"-access all" and I get the error "command failed: invalid operation"
does anyone have a clue why this happens? is there a way to fix it?
I was to somehow workaround this by adding all the "vserver" cmddirname with readonly access but it allows him to view many more flags under the vserver command that I would like to hide.
anyone with a solution?
Thanks in advance
Forgot to mention - talking about ontap 9.3 and also tested on ontap select 9.4 with the same error on all of them