security login rest-role delete

Contributors

Delete a REST access control role

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login rest-role delete command deletes a Representational State Transfer (REST) access-control role.

Parameters

-vserver <vserver name> - Vserver

This optionally specifies the Vserver name associated with the REST role.

-role <text> - Role Name

This specifies the REST role that is to be deleted.

-api <text> - API Path

This specifies the Application Programming Interface (API) to which the REST role has access. This API can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:

  • Snapshots APIs

  • /api/storage/volumes/{volume.uuid}/snapshots

  • File System Analytics APIs

  • /api/storage/volumes/{volume.uuid}/files

  • /api/storage/volumes/{volume.uuid}/top-metrics/clients

  • /api/storage/volumes/{volume.uuid}/top-metrics/directories

  • /api/storage/volumes/{volume.uuid}/top-metrics/files

  • /api/storage/volumes/{volume.uuid}/top-metrics/users

  • /api/svm/svms/{svm.uuid}/top-metrics/clients

  • /api/svm/svms/{svm.uuid}/top-metrics/directories

  • /api/svm/svms/{svm.uuid}/top-metrics/files

  • /api/svm/svms/{svm.uuid}/top-metrics/users

In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or _all _ SVMs, depending upon whether the REST endpoint references volumes or SVMs.

Examples

The following command deletes a REST access-control role entry with the role name readonly and the API /api/storage/volumes from Vserver vs.example.com .

cluster1::> security login rest-role delete -role readonly -api "/api/storage/volumes" -vserver vs.example.com
cluster1::>

The following command deletes a REST access-control role entry with the role name vs1_role and the resource-qualified endpoint corresponding to all snapshots on the volume with UUID 0aa39ec1-b68d-11ea-9581-005056bbabe6 from Vserver vs1.example.com .

cluster1::> security login rest-role delete -role vs1_role -api "/api/storage/volumes/0aa39ec1-b68d-11ea-9581-005056bbabe6/snapshots" -vserver vs1.example.com
cluster1::>

The following command deletes a REST access-control role entry with the role name vs2_role and the resource-qualified endpoint corresponding to all top-metrics clients on the volume with UUID 373eb9ef-1d40-11ec-992e-005056bba268 from Vserver vs2.example.com .

cluster1::> security login rest-role delete -role vs2_role -api "/api/storage/volumes/373eb9ef-1d40-11ec-992e-005056bba268/top-metrics/clients" -vserver vs2.example.com
cluster1::>

The following command deletes a REST access-control role entry with the role name vs3_role and the resource-qualified endpoint corresponding to all top-metrics directories for the Vserver vs3.example.com with UUID 6dfeb2a7-9a16-11ec-819e-005056bb1a7c .

cluster1::> security login rest-role delete -role vs3_role -api "/api/svm/svms/6dfeb2a7-9a16-11ec-819e-005056bb1a7c/top-metrics/directories" -vserver vs3.example.com
cluster1::>