ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

ONTAP RBAC issue with offline to only clones

elic_co
‎2019-12-23 09:49 AM
2,334 Views

Hey everyone,

I would like to create a custom role on my ontap cluster so that that bringing offline or deleting volumes/luns will only be able to those who contain the words "clone" or "restore" (or both).

I started with the volume offline with restore combination - security login role create -role test -cmd "volume offline" -query "-volume *restore*"

I created a local user and assigned him this role, however when I log in the cluster shell I'm able to bring down any volume, whether it contains "restore" or not.

Any idea what am I missing?

Thanks,

 

0 Kudos
2 REPLIES 2

elic_co
‎2019-12-23 10:00 AM
2,325 Views

In addition, what's the scope of the "query" parameter? what can it be used for?

there are a few examples on the internet but not enough.

can I use to limit every command?

0 Kudos

elic_co
‎2020-01-01 07:57 AM
2,174 Views

anyone?

0 Kudos
All Community Forums
Public