最小限の権限でSVMロールを作成する
ONTAP で新しい SVM ユーザのロールを作成する場合、実行する必要がある ONTAP CLI コマンドがいくつかあります。ONTAP 内の SVM を SnapCenter で使用するように設定し、 vsadmin ロールを使用したくない場合、このロールが必要です。
-
手順 *
-
ストレージシステムで、ロールを作成してすべての権限を割り当てます。
security login role create –vserver <svm_name\>- role <SVM_Role_Name\> -cmddirname <permission\>
このコマンドは権限ごとに繰り返す必要があります。 -
ユーザを作成し、そのユーザにロールを割り当てます。
security login create -user <user_name\> -vserver <svm_name\> -application ontapi -authmethod password -role <SVM_Role_Name\>
-
ユーザのロックを解除します。
security login unlock -user <user_name\> -vserver <svm_name\>
-
SVMロールの作成と権限の割り当て用のONTAP CLIコマンド
ONTAPのロールを作成して権限を割り当てるには、いくつかのCLIコマンドを実行する必要があります。
5.0以降では、SVM管理者ユーザはREST APIでのみサポートされます。SVM管理者以外を使用してロールを作成する場合は、ZAPIを使用してください。 |
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "snapmirror list-destinations" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "event generate-autosupport-log" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "job history show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "job show" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "job stop" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "lun" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun delete" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup add" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup delete" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup rename" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun igroup show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping add-reporting-nodes" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "lun mapping create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping delete" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping remove-reporting-nodes" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun mapping show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun modify" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun move-in-volume" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun offline" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun online" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun resize" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun serial" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "lun show" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "network interface" -access readonly
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy add-rule" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy modify-rule" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy remove-rule" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror policy show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror restore" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror show" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "snapmirror show-history" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror update" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "snapmirror update-ls-set" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "version" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone split start" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume clone split stop" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume destroy" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume file clone create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume file show-disk-usage" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume modify" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume offline" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume online" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree delete" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree modify" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume qtree show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume restrict" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot delete" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot modify" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "volume snapshot modify-snaplock-expiry-time" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot rename" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot restore" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot restore-file" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume snapshot show-delta" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume unmount" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs share create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs share delete" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs share show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver cifs show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy delete" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy rule create" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy rule show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy show" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "vserver iscsi connection show" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver" -access readonly
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver export-policy" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "vserver iscsi" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "volume clone split status" -access all
-
security login role create -vserver SVM_name -role SVM_Role_Name -cmddirname "volume managed-feature" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme subsystem map" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme subsystem create" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme subsystem delete" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme subsystem modify" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme subsystem host" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme subsystem controller" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme subsystem show" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme namespace create" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme namespace delete" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme namespace modify" -access all
-
security login role create -vserver SVM_Name -role SVM_Role_Name -cmddirname "nvme namespace show" -access all