Re: Multi-admin-verification query - any way to exclude application accounts?

SW1 · ‎2024-12-11

Commvault is triggering ontap snapshot creation/deletion via AIQUM. with MAV rule "volume snapshot delete" this creates an approval request instead of just deleting it. I am wondering if there is any way to exclude this account from this rule. so something like operation="volume snapshot delete" and query="-requested-user=!<AIQUM account>".

For the query options I have not found any documentation.

liu · ‎2024-12-11

Only one MAV rule can be created per operation; for example, you cannot make multiple volume-snapshot-delete rules. Any desired rule constraints must be contained within one rule.

Manage protected operation rules

SW1 · ‎2024-12-12

This is clear to me. using the query option you can make sure snaphot delete operations will not require additional approval for volumes matching a pattern:

rule create -operation="volume snapshot delete" -query="-volume !CC_CVLT*"

with this rule deleting snapshots will trigger an approval request only for volumes not starting with this pattern. I would like to know if this can also be done with requested user but I have not found any detailed documentation for available options.

Multi-admin-verification query - any way to exclude application accounts?

9.11.1 upgrade recreates admin account with 'amqp' application

ONTAP simulator Guest account

Multi-Admin Verification vs. Snapshot Locking

Account support

how to apply Fpolicy on excluded volumes