Skip to main content

security dynamic-authorization rule create

Contributors
Suggest changes

Add a dynamic authorization rule

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security dynamic-authorization rule create command creates a custom dynamic authorization rule for an operation. By default, the set of operations subject to dynamic authorization is the same as the default Multi-Admin-Verify (MAV) set of commands. Additional operations can be configured using the security dynamic-authorization rule create command.

Parameters

-vserver <vserver name> - Vserver

This parameter optionally specifies the Vserver associated with the custom dynamic authorization rule.

-operation <Command or Command Directory> - Command or Command Directory

This parameter specifies the operation for the custom dynamic authorization rule to be created. The operation can be a command or command directory.

-query <query> - Query

This parameter optionally specifies the object (or objects) upon which to apply the operation. Any field or query supported by the operation can be supplied. If a query is not specified for the rule, the rule applies to all objects of the specified operation. The query object must be enclosed in double quotation marks ("").

Examples

The following command creates a custom dynamic authorization rule for the job delete operation for the Administrative Vserver. This rule is applicable only to job objects whose job ID is greater than 50.

cluster1::> security dynamic-authorization rule create -operation "job delete" -query "-id >50"

The following command creates a custom dynamic authorization rule for the snapmirror policy create operation for the data Vserver vs1.example.com . This rule is applicable only to SnapMirror policies of type other than async-mirror .

cluster1::> security dynamic-authorization rule create -vserver vs1.example.com -operation "snapmirror policy create" -query "-type !async-mirror"