security login rest-role create
Suggest changes
PDFs
Add a REST access control role
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The security login rest-role create command creates a Representational State Transfer (REST) access-control role. A REST access-control role consists of a role name and an Application Programming Interface (API) to which the role has access. It optionally includes an access level (none , readonly , read_create , read_modify , read_create_modify or all ) for the API. After you create a REST access-control role, you can apply it to a management-utility login account by using the security login modify or security login create commands.
Parameters
-vserver <vserver name>- Vserver-
This optionally specifies the Vserver name associated with the REST role.
-role <text>- Role Name-
This specifies the REST role that is to be created.
-api <text>- API Path-
This specifies the API to which the REST role has access. This API can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are
/api/storage/volumes/{volume.uuid}/snapshotsand/api/storage/volumes/*/snapshots.*is a wildcard character denotingallvolumes. -access {none|readonly|read_create|read_modify|read_create_modify|all}- Access Level-
This optionally specifies an access level for the REST role. Possible access level settings are
none,readonly,read_create,read_modify,read_create_modifyandall.
Examples
The following command creates a REST access-control role named admin for the vs1.example.com Vserver. This REST role has an access-level of all for the /api/storage/volumes API.
cluster1::> security login rest-role create -role admin -api "/api/storage/volumes" -access all -vserver vs1.example.com cluster1::>
The following command creates a REST access-control role named rest_role1 for the cluster1.example.com administrative Vserver. This REST role has an access-level of read_create_modify for the /api/snapmirror/policies API.
cluster1::> security login rest-role create -role rest_role1 -api "/api/snapmirror/policies" -access read_create_modify -vserver cluster1.example.com cluster1::>
The following command creates a REST access-control role named vs1_role for the vs1.example.com Vserver. This REST role has an access level of readonly for all snapshots on the volume with UUID f8a541b5-b68c-11ea-9581-005056bbabe6 .
cluster1::> security login rest-role create -role vs1_role -api "/api/storage/volumes/f8a541b5-b68c-11ea-9581-005056bbabe6/snapshots" -access readonly -vserver vs1.example.com
Warning: Operating on an alias operates on the target of the specified alias:
"volume snapshot"
cluster1::>