security login rest-role create

Add a REST access control role

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login rest-role create command creates a Representational State Transfer (REST) access-control role. A REST access-control role consists of a role name and an Application Programming Interface (API) to which the role has access. It optionally includes an access level (none, readonly or all) for the API. After you create a REST access-control role, you can apply it to a management-utility login account by using the security login modify or security login create commands.

Parameters

-vserver <Vserver Name> - Vserver
This optionally specifies the Vserver name associated with the REST role.
-role <text> - Role Name
This specifies the REST role that is to be created.
-api <text> - API Path
This specifies the API to which the REST role has access. This API can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are /api/storage/volumes/{volume.uuid}/snapshots and /api/storage/volumes/*/snapshots. * is a wildcard character denoting all volumes.
-access {none|readonly|all} - Access Level
This optionally specifies an access level for the REST role. Possible access level settings are none, readonly and all. The default setting is all.

Examples

The following command creates a REST access-control role named admin for the vs1.example.com Vserver. This REST role has an access-level of all for the /api/storage/volumes API.
          cluster1::> security login rest-role create -role admin -api "/api/storage/volumes" -access all -vserver vs1.example.com

          cluster1::>
      
The following command creates a REST access-control role named vs1_role for the vs1.example.com Vserver. This REST role has an access level of readonly for all snapshots on the volume with UUID f8a541b5-b68c-11ea-9581-005056bbabe6.
          cluster1::> security login rest-role create -role vs1_role -api "/api/storage/volumes/f8a541b5-b68c-11ea-9581-005056bbabe6/snapshots" -access readonly -vserver vs1.example.com

           Warning: Operating on an alias operates on the target of the specified alias:
           "volume snapshot"

          cluster1::>