Defining custom roles

You can use the security login role create command to define a custom role. You can execute the command as many times as necessary to achieve the exact combination of capabilities that you want to associate with the role.

Before you begin

You must be a cluster administrator to perform this task.

About this task

Note: You cannot assign an SVM administrator a role that gives access to a command or command directory that is available only to the admin cluster administrator—for example, the security command directory.

Step

  1. Define a custom role:

    security login role create -vserver SVM_name -role role -cmddirname command_or_directory_name -access access_level -query query

    For complete command syntax, see the worksheet.

    Example

    The following commands grant the vol_role role full access to the commands in the volume command directory and read-only access to the commands in the volume snapshot subdirectory.

    cluster1::>security login role create -role vol_role -cmddirname "volume" -access all
    
    cluster1::>security login role create -role vol_role -cmddirname "volume snapshot" -access readonly
    

    The following commands grant the SVM_storage role read-only access to the commands in the storage command directory, no access to the commands in the storage encryption subdirectory, and full access to the storage aggregate plex offline nonintrinsic command.

    cluster1::>security login role create -role SVM_storage -cmddirname "storage" -access readonly
    
    cluster1::>security login role create -role SVM_storage -cmddirname "storage encryption" -access none
    
    cluster1::>security login role create -role SVM_storage -cmddirname "storage aggregate plex offline" -access all
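
The following Python sketch is an added example, not part of the original documentation or of ONTAP: it parses the role definitions shown above and reports the access level a role would get for a given command, which is useful when reviewing a custom role for least privilege before assigning it. It assumes that the most specific (longest) matching command directory entry decides and that a command with no matching entry gets no access, as the examples on this page imply; it ignores the -query parameter, and the function names are hypothetical.

```python
import shlex

# Console lines copied from the examples on this page (prompt included).
COMMANDS = """\
cluster1::>security login role create -role vol_role -cmddirname "volume" -access all
cluster1::>security login role create -role vol_role -cmddirname "volume snapshot" -access readonly
cluster1::>security login role create -role SVM_storage -cmddirname "storage" -access readonly
cluster1::>security login role create -role SVM_storage -cmddirname "storage encryption" -access none
cluster1::>security login role create -role SVM_storage -cmddirname "storage aggregate plex offline" -access all
"""

def parse_role_entries(text):
    """Return {role: {command_directory_words: access}} from pasted console lines."""
    roles = {}
    for line in text.splitlines():
        # Drop a leading "cluster::>" prompt if the line was pasted from a session.
        tokens = shlex.split(line.split("::>", 1)[-1])
        if tokens[:4] != ["security", "login", "role", "create"]:
            continue
        # The remaining tokens are "-parameter value" pairs.
        args = dict(zip(tokens[4::2], tokens[5::2]))
        cmddir = tuple(args["-cmddirname"].split())
        roles.setdefault(args["-role"], {})[cmddir] = args["-access"]
    return roles

def effective_access(entries, command):
    """Assumed rule: the longest matching directory prefix wins; no match means 'none'."""
    words = tuple(command.split())
    matches = (d for d in entries if words[:len(d)] == d)
    best = max(matches, key=len, default=None)
    return entries[best] if best is not None else "none"

ROLES = parse_role_entries(COMMANDS)

if __name__ == "__main__":
    checks = [
        ("vol_role", "volume create"),
        ("vol_role", "volume snapshot delete"),
        ("SVM_storage", "storage disk show"),
        ("SVM_storage", "storage encryption disk show"),
        ("SVM_storage", "storage aggregate plex offline"),
        ("SVM_storage", "network interface show"),
    ]
    for role, command in checks:
        print(f"{role:12} {command:32} -> {effective_access(ROLES[role], command)}")
```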