security oauth2 scope cli-to-scope generate
Generate OAuth 2.0 scope for the given CLI REST role creation command parameters
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The security oauth2 scope cli-to-scope generate
command generates on ONTAP-specific OAuth 2.0 scope string based on local ONTAP custom roles created using security login rest-role create.
Parameters
-role <text>
- Role name-
The role name as in the security login rest-role create -role parameter. This parameter is required.
-access <text>
- Access level-
The access level as in the security login rest-role create -access parameter. Valid access levels are none, readonly, all, read_create, read_modify and read_create_modify. This parameter is required.
[-api <text>]
- API path-
The REST API URI as in the security login rest-role create -api parameter. Valid APIs start with /api/. This parameter is required.
[-cluster-uuid <text>]
- Cluster UUID-
The cluster UUID for which this scope applies. This parameter is optional. If not specified, the OAuth 2.0 scope is applicable to all clusters
Examples
To generate the OAuth 2.0 scope string applicable to all clusters for an ONTAP role named myrole for the REST API URI /api/cluster with admin (all) access:
cluster1::gt; security oauth2 scope cli-to-scope generate -role myrole -api /api/cluster -access all -cluster-uuid * ontap:*:myrole:all:*:/api/cluster