security login rest-role show

Contributors

Show REST access control roles

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login rest-role show command displays the following information about Representational State Transfer (REST) access-control roles:

  • Vserver

  • Role name

  • Application Programming Interface (API) to which the REST role has access

  • Access Level (none , readonly , read_create , read_modify , read_create_modify , or all )

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <vserver name>] - Vserver

Selects the REST roles that match this parameter value.

[-role <text>] - Role Name

Selects the REST roles that match this parameter value. If this parameter and the -api parameter are both used, the command displays detailed information about the specified REST access-control role.

[-api <text>] - API Path

Selects the REST roles that match this parameter value. If this parameter and the -role parameter are both used, the command displays detailed information about the specified REST access-control role. This API can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:

  • Snapshots APIs

  • /api/storage/volumes/{volume.uuid}/snapshots

  • File System Analytics APIs

  • /api/storage/volumes/{volume.uuid}/files

  • /api/storage/volumes/{volume.uuid}/top-metrics/clients

  • /api/storage/volumes/{volume.uuid}/top-metrics/directories

  • /api/storage/volumes/{volume.uuid}/top-metrics/files

  • /api/storage/volumes/{volume.uuid}/top-metrics/users

  • /api/svm/svms/{svm.uuid}/top-metrics/clients

  • /api/svm/svms/{svm.uuid}/top-metrics/directories

  • /api/svm/svms/{svm.uuid}/top-metrics/files

  • /api/svm/svms/{svm.uuid}/top-metrics/users

In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs.

[-access {none|readonly|read_create|read_modify|read_create_modify|all}] - Access Level

Selects the roles that match this parameter value.

Examples

The example below displays information about all REST access-control roles:

cluster1::> security login rest-role show
Role                            Access
      Vserver           Name            API             Level
      ----------        -------------   -----------     -----------
      vs                vsrole1         /api            none
      vs                vsrole1         /api/storage/volumes/f8a541b5-b68c-11ea-9581-005056bbabe6/files
                                                        all
      vs                vsrole1         /api/storage/volumes/f8a541b5-b68c-11ea-9581-005056bbabe6/snapshots
                                                        readonly
      vs                vsrole1         /api/storage/volumes/843b87f9-2f5e-11ec-9524-005056bb0bee/snapshots
                                                        read_create
      vs                vsrole1         /api/svm/svms/843b87f9-2f5e-11ec-9524-005056bb0bee/top-metrics/clients
                                                        read_create
      cluster1          readonly        /api/storage    none
      cluster1          custom          /api/cluster    read_modify
      cluster1          custom          /api/security/accounts
                                                        read_create_modify
      cluster1          custom          /api/storage/volumes/*/top-metrics/users
                                                        readonly
      cluster1          custom          /api/storage/volumes/*/snapshots
                                                        all
cluster1::>