security multi-admin-verify rule create
Create a rule
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The security multi-admin-verify rule create command creates a rule for the specified ONTAP operation.
Parameters
[-vserver <vserver>]
- Vserver-
This specifies the Vserver with which the rule is associated. This is an optional parameter. This parameter defaults to a Cluster server and supports only Cluster servers.
-operation <text>
- Operation-
This specifies the ONTAP operation for which the rule is created.
[-auto-request-create {true|false}]
- Automatic Request Creation-
This specifies whether automatic request creation is enabled for the rule. Auto request creation is enabled by default; the default value is true.
[-query <query>]
- Query-
This specifies the query that selects the subset of objects of the ONTAP operation to which the rule applies. This is an optional parameter. If a query is not specified for the rule, the rule applies to all objects of the ONTAP operation.
[-required-approvers {<integer>|-}]
- Required Number of Approvers-
This specifies the required number of approvers to approve the ONTAP execution request. This is an optional parameter. If required-approvers is not specified for the rule, the required-approvers from the global setting is applied to the ONTAP operation request. The required-approvers from the global setting can be viewed using the security multi-admin-verify show command. The minimum supported value is 1.
[-approval-groups <text>,…]
- Approval Groups-
This specifies the list of users who can approve the ONTAP operation request. This is an optional parameter. If approval-groups is not specified for the rule, the approval-groups from the global setting is applied to the ONTAP operation request. The approval-groups from the global setting can be viewed using the security multi-admin-verify show command.
[-execution-expiry <[<integer>d][<integer>h][<integer>m][<integer>s]>]
- Execution Expiry-
This specifies the amount of time after a request has been approved by which the operation must be executed before the approved execution request expires. This is an optional parameter. If execution-expiry is not specified for the rule, the execution-expiry from the global setting is applied to the ONTAP execution request. The execution-expiry from the global setting can be viewed using the security multi-admin-verify show command. The default value is one hour (1h), the minimum supported value is one second (1s), and the maximum supported value is 14 days (14d).
[-approval-expiry <[<integer>d][<integer>h][<integer>m][<integer>s]>]
- Approval Expiry-
This specifies the amount of time after a new execution request is submitted by which approvers have to approve or disapprove the request before the pending execution request expires. This is an optional parameter. If approval-expiry is not specified for the rule, the approval-expiry from the global setting is applied to the ONTAP execution request. The approval-expiry from the global setting can be viewed using the security multi-admin-verify show command. The default value is one hour (1h), the minimum supported value is one second (1s), and the maximum supported value is 14 days (14d).
Examples
The following example creates a new rule for the ONTAP operation volume delete that requires 3 approvers and applies to Vserver vs0 objects:
cluster1::> security multi-admin-verify rule create -operation "volume delete" -query "-vserver vs0" -required-approvers 3
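When rules are created from automation, the limits documented above for -execution-expiry, -approval-expiry and -required-approvers can be checked before the command is sent to the cluster. The Python below is an added example, not NetApp code: the function names are hypothetical, and it assumes that the 1s to 14d limits apply to the summed duration, that units appear in the d, h, m, s order shown in the syntax, and that values containing a double quote or line break should be refused.

```python
import re

# Grammar from the parameter syntax: [<integer>d][<integer>h][<integer>m][<integer>s]
_DURATION = re.compile(r"(?:([0-9]+)d)?(?:([0-9]+)h)?(?:([0-9]+)m)?(?:([0-9]+)s)?")
MIN_SECONDS = 1               # documented minimum (1s)
MAX_SECONDS = 14 * 86400      # documented maximum (14d)


def parse_expiry(value):
    """Return the duration in seconds; raise ValueError if malformed or out of range."""
    match = _DURATION.fullmatch(value)
    if not value or match is None:
        raise ValueError(f"malformed expiry: {value!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    total = days * 86400 + hours * 3600 + minutes * 60 + seconds
    # Assumption: the 1s..14d limits apply to the summed duration.
    if not MIN_SECONDS <= total <= MAX_SECONDS:
        raise ValueError(f"expiry out of range (1s..14d): {value!r}")
    return total


def _quoted(text):
    # Choice made by this example: refuse characters that could end the
    # quoted value early or break the command onto a second line.
    if not text or any(c in text for c in '"\r\n'):
        raise ValueError(f"unsafe or empty value: {text!r}")
    return f'"{text}"'


def build_rule_create(operation, query=None, required_approvers=None,
                      approval_expiry=None, execution_expiry=None):
    """Validate the arguments and return the rule create command line."""
    parts = ["security multi-admin-verify rule create",
             "-operation", _quoted(operation)]
    if query is not None:
        parts += ["-query", _quoted(query)]
    if required_approvers is not None:
        ok = type(required_approvers) is int and required_approvers >= 1
        if not ok:
            raise ValueError("required-approvers must be an integer >= 1")
        parts += ["-required-approvers", str(required_approvers)]
    for flag, value in (("-approval-expiry", approval_expiry),
                        ("-execution-expiry", execution_expiry)):
        if value is not None:
            parse_expiry(value)  # raises ValueError on a bad value
            parts += [flag, value]
    return " ".join(parts)
```

Omitted optional arguments are left off the command line, so the global settings shown by security multi-admin-verify show still apply to them.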