Skip to main content
A newer release of this product is available.

security login rest-role create

Contributors
Suggest changes

Add a REST access control role

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login rest-role create command creates a Representational State Transfer (REST) access-control role. A REST access-control role consists of a role name and an Application Programming Interface (API) to which the role has access. It optionally includes an access level (none , readonly , read_create , read_modify , read_create_modify or all ) for the API. After you create a REST access-control role, you can apply it to a management-utility login account by using the security login modify or security login create commands.

Parameters

-vserver <vserver name> - Vserver

This optionally specifies the Vserver name associated with the REST role.

-role <text> - Role Name

This specifies the REST role that is to be created.

-api <text> - API Path

This specifies the API to which the REST role has access. This API can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are /api/storage/volumes/{volume.uuid}/snapshots and /api/storage/volumes/*/snapshots . * is a wildcard character denoting all volumes.

-access {none|readonly|read_create|read_modify|read_create_modify|all} - Access Level

This optionally specifies an access level for the REST role. Possible access level settings are none , readonly , read_create , read_modify , read_create_modify and all .

Examples

The following command creates a REST access-control role named admin for the vs1.example.com Vserver. This REST role has an access-level of all for the /api/storage/volumes API.

cluster1::> security login rest-role create -role admin -api "/api/storage/volumes" -access all -vserver vs1.example.com
cluster1::>

The following command creates a REST access-control role named rest_role1 for the cluster1.example.com administrative Vserver. This REST role has an access-level of read_create_modify for the /api/snapmirror/policies API.

cluster1::> security login rest-role create -role rest_role1 -api "/api/snapmirror/policies" -access read_create_modify -vserver cluster1.example.com
cluster1::>

The following command creates a REST access-control role named vs1_role for the vs1.example.com Vserver. This REST role has an access level of readonly for all snapshots on the volume with UUID f8a541b5-b68c-11ea-9581-005056bbabe6 .

cluster1::> security login rest-role create -role vs1_role -api "/api/storage/volumes/f8a541b5-b68c-11ea-9581-005056bbabe6/snapshots" -access readonly -vserver vs1.example.com
Warning: Operating on an alias operates on the target of the specified alias:
           "volume snapshot"
cluster1::>