Skip to main content

security dynamic-authorization rule modify

Contributors
Suggest changes
PDFs

Modify a dynamic authorization rule

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security dynamic-authorization rule modify command modifies a custom dynamic authorization rule for an operation. It can be used to modify a custom dynamic authorization rule that was configured using the security dynamic-authorization rule create command.

Parameters

-vserver <vserver name> - Vserver

This parameter optionally specifies the Vserver associated with the custom dynamic authorization rule.

-operation <Command or Command Directory> - Command or Command Directory

This parameter specifies the operation for the custom dynamic authorization rule to be modified. The operation can be a command or command directory.

[-query <query>] - Query

This parameter optionally specifies the object (or objects) upon which to apply the operation. Any field or query supported by the operation can be supplied. If the query is specified as "" i.e., empty, the rule applies to all objects of the specified operation. The query object must be enclosed in double quotation marks ("").

Examples

The following command modifies the query of a custom dynamic authorization rule for the storage encryption disk destroy operation in the Administrative Vserver. The new query disallows destroying of storage encryption disks starting with the name xxxxx_ .

cluster1::> security dynamic-authorization rule modify -operation "storage encryption disk destroy" -query "-disk !xxxxx_*"

The following command resets the query of a custom dynamic authorization rule for the vserver active-directory create operation for the data Vserver vs1.example.com .

cluster1::> security dynamic-authorization rule modify -vserver vs1.example.com -operation "vserver active-directory create" -query ""