ONTAP Discussions

Security role limit ?

ECOIFFE
1,584 Views

 

I want to create a role to create qtree and quota only (create + show) and not delete, the role will be used for PowerShell scripting.
No problem for qtree create, show, delete is refused.
For quota when i change one of the 4 privileges (create, delete, modify, show) the 3 others are automaticaly modified...

 


security login role create -vserver SVM-TEST -role admin_qtree -cmddirname "volume qtree create" -access all
security login role create -vserver SVM-TEST -role admin_qtree -cmddirname "volume qtree show" -access all
security login role create -vserver SVM-TEST -role admin_qtree -cmddirname "volume quota policy rule create" -access all

Warning: This operation will also affect the following commands:
"volume quota policy rule delete"
"volume quota policy rule modify"
"volume quota policy rule show"

security login role show -vserver SVM-TEST -role admin_qtree
Role Command/ Access
Vserver Name Directory Query Level
---------- ------------- --------- ----------------------------------- --------
SVM-TEST admin_qtree DEFAULT none
SVM-TEST admin_qtree version readonly
SVM-TEST admin_qtree volume qtree create all
SVM-TEST admin_qtree volume qtree show all
SVM-TEST admin_qtree volume quota policy rule create all
SVM-TEST admin_qtree volume quota policy rule delete all
SVM-TEST admin_qtree volume quota policy rule modify all
SVM-TEST admin_qtree volume quota policy rule show all
8 entries were displayed.

0 REPLIES 0
Public