Skip to main content

security multi-admin-verify rule modify

Contributors
Suggest changes

Modify a rule

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The security multi-admin-verify rule modify command is used to modify the attributes of the rule.

Parameters

-vserver <vserver> - Vserver

This specifies Vserver information for which the rule should be associated with. This is an optional parameter. This parameter defaults to a Cluster server and supports only Cluster servers.

-operation <text> - Operation

This specifies the ONTAP operation information for the rule to be created.

[-auto-request-create {true|false}] - Automatic Request Creation

This specifies rule information for the auto request create state. Auto request creation for the rule is enabled by default, by setting this value to true.

[-query <query>] - Query

This specifies the query information which is applied to the subset of objects of ONTAP operation of the rule to be created. This is an optional parameter. If a query is not specified for the rule, the rule applies to all objects of the ONTAP operation.

[-required-approvers {<integer>|-}] - Required Number of Approvers

This specifies the required number of approvers to approve the ONTAP execution request. This is an optional parameter. If required-approvers is not specified for the rule, the required-approvers from the global setting is applied to the ONTAP operation request. The required-approvers from the global setting can be viewed using the security multi-admin-verify show command. The minimum supported value is 1.

[-approval-groups <text>,…​] - Approval Groups

This specifies the list of users who can approve the ONTAP operation request. This is an optional parameter. If approval-groups is not specified for the rule, the approval-groups from the global setting is applied to the ONTAP operation request. The approval-groups from the global setting can be viewed using the security multi-admin-verify show command.

[-execution-expiry <[<integer>d][<integer>h][<integer>m][<integer>s]>] - Execution Expiry

This specifies the amount of time after a request has been approved by which the operation must be executed before the approved execution request expires. This is an optional parameter. If execution-expiry is not specified for the rule, the execution-expiry from the global setting is applied to the ONTAP execution request. The execution-expiry from the global setting can be viewed using the security multi-admin-verify show command. The default value is one hour (1h ), the minimum supported value is one second (1s ), and the maximum supported value is 14 days (14d ).

[-approval-expiry <[<integer>d][<integer>h][<integer>m][<integer>s]>] - Approval Expiry

This specifies the amount of time after a new execution request is submitted by which approvers have to approve or disapprove the request before the pending execution request expires. This is an optional parameter. If approval-expiry is not specified for the rule, the approval-expiry from the global setting is applied to the ONTAP execution request. The approval-expiry from the global setting can be viewed using the security multi-admin-verify show command. The default value is one hour (1h ), the minimum supported value is one second (1s ), and the maximum supported value is 14 days (14d ).

Examples

This command changes the approval groups:

cluster1::> security multi-admin-verify rule modify -operation "volume delete" -approval-groups group1, group2

This command changes the required number of approvers:

cluster1::> security multi-admin-verify rule modify -operation "volume snapshot delete" -required-approvers 3

This command changes the query:

cluster1::> security multi-admin-verify rule modify -operation "volume delete" -query "-vserver vs1"

This command changes the execution expiry:

cluster1::> security multi-admin-verify rule modify -operation "volume delete" -execution-expiry 14d

This command changes the approval expiry:

cluster1::> security multi-admin-verify rule modify -operation "volume delete" -approval-expiry 48h