security login rest-role show
Show REST access control roles
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The security login rest-role show
command displays the following information about Representational State Transfer (REST) access-control roles:
-
Vserver
-
Role name
-
Application Programming Interface (API) to which the REST role has access
-
Access Level (
none
,readonly
,read_create
,read_modify
,read_create_modify
, orall
)
Parameters
- {
[-fields <fieldname>,…]
-
If you specify the
-fields <fieldname>, …
parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify. - |
[-instance ]
} -
If you specify the
-instance
parameter, the command displays detailed information about all fields. [-vserver <vserver name>]
- Vserver-
Selects the REST roles that match this parameter value.
[-role <text>]
- Role Name-
Selects the REST roles that match this parameter value. If this parameter and the
-api
parameter are both used, the command displays detailed information about the specified REST access-control role. [-api <text>]
- API Path-
Selects the REST roles that match this parameter value. If this parameter and the
-role
parameter are both used, the command displays detailed information about the specified REST access-control role. This API can be a private CLI API or a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:-
Snapshots APIs
-
/api/storage/volumes/{volume.uuid}/snapshots
-
File System Analytics APIs
-
/api/storage/volumes/{volume.uuid}/files
-
/api/storage/volumes/{volume.uuid}/top-metrics/clients
-
/api/storage/volumes/{volume.uuid}/top-metrics/directories
-
/api/storage/volumes/{volume.uuid}/top-metrics/files
-
/api/storage/volumes/{volume.uuid}/top-metrics/users
-
/api/svm/svms/{svm.uuid}/top-metrics/clients
-
/api/svm/svms/{svm.uuid}/top-metrics/directories
-
/api/svm/svms/{svm.uuid}/top-metrics/files
-
/api/svm/svms/{svm.uuid}/top-metrics/users
-
Ontap S3 APIs
-
/api/protocols/s3/services/{svm.uuid}/users
-
Private-cli APIs
-
/api/private/cli/cluster
In the above APIs, wildcard character
*
could be used in place of{volume.uuid}
or{svm.uuid}
to denoteall
volumes orall
SVMs, depending upon whether the REST endpoint references volumes or SVMs. -
[-access {none|readonly|read_create|read_modify|read_create_modify|all}]
- Access Level-
Selects the roles that match this parameter value.
Examples
The example below displays information about all REST access-control roles:
cluster1::> security login rest-role show Role Access Vserver Name API Level ---------- ------------- ----------- ----------- vs vsrole1 /api none vs vsrole1 /api/storage/volumes/f8a541b5-b68c-11ea-9581-005056bbabe6/files all vs vsrole1 /api/storage/volumes/f8a541b5-b68c-11ea-9581-005056bbabe6/snapshots readonly vs vsrole1 /api/storage/volumes/843b87f9-2f5e-11ec-9524-005056bb0bee/snapshots read_create vs vsrole1 /api/svm/svms/843b87f9-2f5e-11ec-9524-005056bb0bee/top-metrics/clients read_create cluster1 readonly /api/storage none cluster1 custom /api/cluster read_modify cluster1 custom /api/security/accounts read_create_modify cluster1 custom /api/storage/volumes/*/top-metrics/users readonly cluster1 custom /api/storage/volumes/*/snapshots all cluster1::>