Skip to main content

security oauth2 scope cli-to-scope generate

Contributors
Suggest changes

Generate OAuth 2.0 scope for the given CLI REST role creation command parameters

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security oauth2 scope cli-to-scope generate command generates on ONTAP-specific OAuth 2.0 scope string based on local ONTAP custom roles created using security login rest-role create.

Parameters

-role <text> - Role name

The role name as in the security login rest-role create -role parameter. This parameter is required.

-access <text> - Access level

The access level as in the security login rest-role create -access parameter. Valid access levels are none, readonly, all, read_create, read_modify and read_create_modify. This parameter is required.

[-api <text>] - API path

The REST API URI as in the security login rest-role create -api parameter. Valid APIs start with /api/. This parameter is required.

[-cluster-uuid <text>] - Cluster UUID

The cluster UUID for which this scope applies. This parameter is optional. If not specified, the OAuth 2.0 scope is applicable to all clusters

Examples

To generate the OAuth 2.0 scope string applicable to all clusters for an ONTAP role named myrole for the REST API URI /api/cluster with admin (all) access:

cluster1::gt; security oauth2 scope cli-to-scope generate -role myrole -api /api/cluster -access all -cluster-uuid *
ontap:*:myrole:all:*:/api/cluster