security dynamic-authorization rule create
Add a dynamic authorization rule
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The security dynamic-authorization rule create
command creates a custom dynamic authorization rule for an operation. By default, the set of operations subject to dynamic authorization is the same as the default Multi-Admin-Verify (MAV) set of commands. Additional operations can be configured using the security dynamic-authorization rule create
command.
Parameters
-vserver <vserver name>
- Vserver-
This parameter optionally specifies the Vserver associated with the custom dynamic authorization rule.
-operation <Command or Command Directory>
- Command or Command Directory-
This parameter specifies the operation for the custom dynamic authorization rule to be created. The operation can be a command or command directory.
-query <query>
- Query-
This parameter optionally specifies the object (or objects) upon which to apply the operation. Any field or query supported by the operation can be supplied. If a query is not specified for the rule, the rule applies to all objects of the specified operation. The query object must be enclosed in double quotation marks ("").
Examples
The following command creates a custom dynamic authorization rule for the job delete operation for the Administrative Vserver. This rule is applicable only to job objects whose job ID is greater than 50.
cluster1::> security dynamic-authorization rule create -operation "job delete" -query "-id >50"
The following command creates a custom dynamic authorization rule for the snapmirror policy create operation for the data Vserver vs1.example.com
. This rule is applicable only to snapmirror policies of type other than async-mirror
.
cluster1::> security dynamic-authorization rule create -vserver vs1.example.com -operation "snapmirror policy create" -query "-type !async-mirror"