I would like to create a custom role on my ontap cluster so that that bringing offline or deleting volumes/luns will only be able to those who contain the words "clone" or "restore" (or both).
I started with the volume offline with restore combination - security login role create -role test -cmd "volume offline" -query "-volume *restore*"
I created a local user and assigned him this role, however when I log in the cluster shell I'm able to bring down any volume, whether it contains "restore" or not.
Any idea what am I missing?
In addition, what's the scope of the "query" parameter? what can it be used for?
there are a few examples on the internet but not enough.
can I use to limit every command?