ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Multi-admin-verification query - any way to exclude application accounts?

SW1
‎2024-12-11 06:04 AM
279 Views

Commvault is triggering ontap snapshot creation/deletion via AIQUM. with MAV rule "volume snapshot delete" this creates an approval request instead of just deleting it. I am wondering if there is any way to exclude this account from this rule. so something like operation="volume snapshot delete" and query="-requested-user=!<AIQUM account>". 

 

For the query options I have not found any documentation. 

0 Kudos
2 REPLIES 2

liu
‎2024-12-11 11:30 PM
219 Views

Only one MAV rule can be created per operation; for example, you cannot make multiple volume-snapshot-delete rules. Any desired rule constraints must be contained within one rule.   

Manage protected operation rules

0 Kudos

SW1
‎2024-12-12 02:51 AM
In response to liu
203 Views

This is clear to me. using the query option you can make sure snaphot delete operations will not require additional approval for volumes matching a pattern: 

 

rule create -operation="volume snapshot delete" -query="-volume !CC_CVLT*"

 

with this rule deleting snapshots will trigger an approval request only for volumes not starting with this pattern. I would like to know if this can also be done with requested user but I have not found any detailed documentation for available options. 

0 Kudos
Announcements
All Community Forums
Public