Active IQ Unified Manager Discussions

vserver show api missing from ontap?

elic_co
1,462 Views

Hello everyone,

I ran into an issue where I created a specific role for a customer of mine. the customer connects directly to an svm using perl api implementation. one of the commands he runs is "vserver show" which translates to "vserver-get" or "vserver-get-iter" and I can see that by using "security login role show-ontapi -command "vserver show" even from the svm contetxt.

The problem starts when I as the cluster admin try to add to the role the command "security login role create -role customer_role -vserver customer_vs -cmddirname "vserver show"-access all" and I get the error "command failed: invalid operation"

 

does anyone have a clue why this happens? is there a way to fix it?

I was to somehow workaround this by adding all the "vserver" cmddirname with readonly access but it allows him to view many more flags under the vserver command that I would like to hide. 

anyone with a solution?

 

Thanks in advance

 

Forgot to mention - talking about ontap 9.3 and also tested on ontap select 9.4 with the same error on all of them

0 REPLIES 0
Public