security login rest-role show
Suggest changes
PDFs
Show REST access control roles
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The security login rest-role show command displays the following information about Representational State Transfer (REST) access-control roles:
-
Vserver
-
Role name
-
Application Programming Interface (API) to which the REST role has access
-
Access Level (
none,readonly,read_create,read_modify,read_create_modify, orall)
Parameters
- {
[-fields <fieldname>,…] -
If you specify the
-fields <fieldname>, …parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify. - |
[-instance ]} -
If you specify the
-instanceparameter, the command displays detailed information about all fields. [-vserver <vserver name>]- Vserver-
Selects the REST roles that match this parameter value.
[-role <text>]- Role Name-
Selects the REST roles that match this parameter value. If this parameter and the
-apiparameter are both used, the command displays detailed information about the specified REST access-control role. [-api <text>]- API Path-
Selects the REST roles that match this parameter value. If this parameter and the
-roleparameter are both used, the command displays detailed information about the specified REST access-control role. This API can be a private CLI API or a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:-
Snapshots APIs
-
/api/storage/volumes/{volume.uuid}/snapshots -
File System Analytics APIs
-
/api/storage/volumes/{volume.uuid}/files -
/api/storage/volumes/{volume.uuid}/top-metrics/clients -
/api/storage/volumes/{volume.uuid}/top-metrics/directories -
/api/storage/volumes/{volume.uuid}/top-metrics/files -
/api/storage/volumes/{volume.uuid}/top-metrics/users -
/api/svm/svms/{svm.uuid}/top-metrics/clients -
/api/svm/svms/{svm.uuid}/top-metrics/directories -
/api/svm/svms/{svm.uuid}/top-metrics/files -
/api/svm/svms/{svm.uuid}/top-metrics/users -
Ontap S3 APIs
-
/api/protocols/s3/services/{svm.uuid}/users -
Private-cli APIs
-
/api/private/cli/cluster
In the above APIs, wildcard character
*could be used in place of{volume.uuid}or{svm.uuid}to denoteallvolumes orallSVMs, depending upon whether the REST endpoint references volumes or SVMs. -
[-access {none|readonly|read_create|read_modify|read_create_modify|all}]- Access Level-
Selects the roles that match this parameter value.
Examples
The example below displays information about all REST access-control roles:
cluster1::> security login rest-role show
Role Access
Vserver Name API Level
---------- ------------- ----------- -----------
vs vsrole1 /api none
vs vsrole1 /api/storage/volumes/f8a541b5-b68c-11ea-9581-005056bbabe6/files
all
vs vsrole1 /api/storage/volumes/f8a541b5-b68c-11ea-9581-005056bbabe6/snapshots
readonly
vs vsrole1 /api/storage/volumes/843b87f9-2f5e-11ec-9524-005056bb0bee/snapshots
read_create
vs vsrole1 /api/svm/svms/843b87f9-2f5e-11ec-9524-005056bb0bee/top-metrics/clients
read_create
cluster1 readonly /api/storage none
cluster1 custom /api/cluster read_modify
cluster1 custom /api/security/accounts
read_create_modify
cluster1 custom /api/storage/volumes/*/top-metrics/users
readonly
cluster1 custom /api/storage/volumes/*/snapshots
all
cluster1::>