ONTAP Discussions

ONTAP RBAC issue with offline to only clones

elic_co

Hey everyone,

I would like to create a custom role on my ONTAP cluster so that bringing offline or deleting volumes/LUNs will only be possible for those that contain the words "clone" or "restore" (or both).

I started with the volume offline with restore combination: security login role create -role test -cmd "volume offline" -query "-volume *restore*"

I created a local user and assigned him this role; however, when I log in to the cluster shell I'm able to bring down any volume, whether it contains "restore" or not.

Any idea what I am missing?

Thanks,

 

2 REPLIES

elic_co

Anyone?

elic_co

In addition, what's the scope of the "query" parameter? What can it be used for?

There are a few examples on the internet, but not enough.

Can I use it to limit every command?
