Limit access to SVM volume operations
You can define a role to restrict storage volume administration within an SVM.
A traditional role is first created to allow access to all the major volume administration functions except cloning. The role is defined with the following characteristics:
- Able to perform all CRUD volume operations including get, create, modify, and delete
- Cannot create a volume clone
You can then optionally update the role as needed. In this workflow, the role is changed in the second step to allow the user to create a volume clone.
Step 1: Create the role
You can issue an API call to create the RBAC role.
This REST API call uses the following method and endpoint.
HTTP method | Path |
---|---|
POST | /api/security/roles |
Step 2: Update the role
You can issue an API call to update the existing role.
This REST API call uses the following method and endpoint.
HTTP method | Path |
---|---|
POST | /api/security/roles |
In addition to the parameters common to all REST API calls, the following parameters are also used in the curl example in this step.
Parameter | Type | Required | Description |
---|---|---|---|
$SVM_ID | Path | Yes | This is the UUID of the SVM that contains the role definition. |
$ROLE_NAME | Path | Yes | This is the name of the role within the SVM to be updated. |
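
The following added example (not NetApp's code and not part of the original page) models the role from this workflow locally so you can check what it grants before and after Step 2. It assumes privilege entries of the form `path`/`access`, with the constructed command-directory paths `volume` and `volume clone`, a constructed role name and SVM UUID, and a simplified resolution rule in which the most specific matching path wins.

```python
"""Added example: local least-privilege check for the role in this workflow."""

# Assumed Step 1 role definition. The role name, SVM UUID and privilege
# paths are constructed values, not taken from the page.
STEP1_ROLE = {
    "name": "vol_admin_no_clone",
    "owner": {"uuid": "00000000-0000-0000-0000-000000000000"},
    "privileges": [
        {"path": "volume", "access": "all"},
        {"path": "volume clone", "access": "none"},
    ],
}

# Assumed Step 2 change: creating volume clones becomes allowed.
STEP2_PRIVILEGE = {"path": "volume clone", "access": "all"}


def apply_privilege(role, privilege):
    """Return a copy of role with privilege added, replacing any entry for the same path."""
    kept = [p for p in role["privileges"] if p["path"] != privilege["path"]]
    return {**role, "privileges": kept + [dict(privilege)]}


def effective_access(role, command):
    """Resolve access for a command: the longest matching path entry wins.

    Matching is on whole words, so "volume" does not match "volumes".
    A command that matches no entry is denied ("none").
    """
    words = command.split()
    best_len, best_access = 0, "none"
    for priv in role["privileges"]:
        path = priv["path"].split()
        if words[:len(path)] == path and len(path) > best_len:
            best_len, best_access = len(path), priv["access"]
    return best_access


def audit(role, commands):
    """Map each command to the access the role grants for it."""
    return {cmd: effective_access(role, cmd) for cmd in commands}


CHECKS = ["volume show", "volume create", "volume modify", "volume delete",
          "volume clone create", "vserver create"]

if __name__ == "__main__":
    print("after step 1:", audit(STEP1_ROLE, CHECKS))
    print("after step 2:", audit(apply_privilege(STEP1_ROLE, STEP2_PRIVILEGE), CHECKS))
```

Running the same audit against the privilege list read back from the role after each step confirms that the deployed role matches the intended one.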