ONTAP Discussions

ONTAP RBAC issue with offline to only clones

elic_co
2,335 Views

Hey everyone,

I would like to create a custom role on my ONTAP cluster so that bringing offline or deleting volumes/LUNs is only possible for those that contain the words "clone" or "restore" (or both).

I started with the volume offline with restore combination - security login role create -role test -cmd "volume offline" -query "-volume *restore*"

I created a local user and assigned him this role; however, when I log in to the cluster shell I'm able to bring down any volume, whether it contains "restore" or not.

Any idea what I am missing?

Thanks,

 

2 REPLIES

elic_co
2,326 Views

In addition, what's the scope of the "query" parameter? What can it be used for?

There are a few examples on the internet, but not enough.

Can I use it to limit every command?

elic_co
2,175 Views

Anyone?
