security login rest-role modify
Modify a REST access control role
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The security login rest-role modify
command modifies a Representational State Transfer (REST) access-control role.
Parameters
-vserver <vserver name>
- Vserver-
This optionally specifies the Vserver name associated with the REST role.
-role <text>
- Role Name-
This specifies the REST role that is to be modified.
-api <text>
- API Path-
This specifies the Application Programming Interface (API) to which the REST role has access. This API can be a private CLI API or a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:
-
Snapshots APIs
-
/api/storage/volumes/{volume.uuid}/snapshots
-
File System Analytics APIs
-
/api/storage/volumes/{volume.uuid}/files
-
/api/storage/volumes/{volume.uuid}/top-metrics/clients
-
/api/storage/volumes/{volume.uuid}/top-metrics/directories
-
/api/storage/volumes/{volume.uuid}/top-metrics/files
-
/api/storage/volumes/{volume.uuid}/top-metrics/users
-
/api/svm/svms/{svm.uuid}/top-metrics/clients
-
/api/svm/svms/{svm.uuid}/top-metrics/directories
-
/api/svm/svms/{svm.uuid}/top-metrics/files
-
/api/svm/svms/{svm.uuid}/top-metrics/users
-
Ontap S3 APIs
-
/api/protocols/s3/services/{svm.uuid}/users
In the above APIs, wildcard character
*
could be used in place of{volume.uuid}
or{svm.uuid}
to denoteall
volumes orall
SVMs, depending upon whether the REST endpoint references volumes or SVMs. -
[-access {none|readonly|read_create|read_modify|read_create_modify|all}]
- Access Level-
This specifies a new access level for the REST role. Possible access level settings are
none
,readonly
,read_create
,read_modify
,read_create_modify
andall
.
Examples
The following command modifies a REST access-control role with the role name readonly
and the API /api/storage/volumes
to have the access level readonly
for Vserver vs.example.com
:
cluster1::> security login rest-role modify -role readonly -api "/api/storage/volumes" -access readonly -vserver vs.example.com cluster1::>
The following command modifies a REST access-control role with the role name rest_role1
and the API /api/snapmirror/policies
to have the access level read_create
for Vserver cluster1.example.com
:
cluster1::> security login rest-role modify -role rest_role1 -api "/api/snapmirror/policies" -access read_create -vserver cluster1.example.com cluster1::>
The following command modifies a REST access-control role with the role name vs1_role
and the resource-qualified endpoint /api/storage/volumes/*/snapshots
to have the access level readonly
for Vserver vs1.example.com
:
cluster1::> security login rest-role modify -role vs1_role -api "/api/storage/volumes/*/snapshots" -access readonly -vserver vs1.example.com cluster1::>
The following command modifies a REST access-control role with the role name vs2_role
and the resource-qualified endpoint /api/storage/volumes/4d383f47-1d40-11ec-81af-005056bb3eae/top-metrics/users
to have the access level none
for Vserver vs2.example.com
:
cluster1::> security login rest-role modify -role vs2_role -api "/api/storage/volumes/4d383f47-1d40-11ec-81af-005056bb3eae/top-metrics/users" -access none -vserver vs2.example.com cluster1::>
The following command modifies a REST access-control role with the role name vs3_role
and the resource-qualified endpoint /api/svm/svms/6dfeb406-9a16-11ec-819e-005056bb1a7c/top-metrics/files
to have the access level read_modify
for Vserver vs3.example.com
:
cluster1::> security login rest-role modify -role vs3_role -api "/api/svm/svms/6dfeb406-9a16-11ec-819e-005056bb1a7c/top-metrics/files" -access read_modify -vserver vs3.example.com cluster1::>
The following command modifies a REST access-control role with the role name vs3_role2
and the wildcard resource-qualified endpoint /api/svm/svms/*/top-metrics/clients
to have the access level readonly
for Vserver vs3.example.com
:
cluster1::> security login rest-role modify -role vs3_role2 -api "/api/svm/svms/*/top-metrics/clients" -access readonly -vserver vs3.example.com cluster1::>
The following command modifies a REST access-control role with the role name vs4_role
and api /api/private/cli/cluster
to have the access level readonly
for Vserver vs4.example.com
:
cluster1::> security login rest-role modify -role vs4_role -api "/api/private/cli/cluster" -access readonly -vserver vs4.example.com cluster1::>