Add a privilege tuple to an existing role
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
POST /security/roles/{owner.uuid}/{name}/privileges
Introduced In: 9.6
Adds a privilege tuple (of REST URI and its access level) to an existing role.
Required parameters
-
owner.uuid
- UUID of the SVM that houses this role. -
name
- Name of the role to be updated. -
path
- REST URI path (example: /api/storage/volumes). Can be a resource-qualified endpoint (example: /api/storage/volumes/43256a71-be02-474d-a2a9-9642e12a6a2c/snapshots). Currently, resource-qualified endpoints are limited to the "snapshots" endpoint: /api/storage/volumes/{volume.uuid}/snapshots and /api/storage/volumes//snapshots. "" is a wildcard character denoting "all" volumes. -
access
- Desired access level for the REST URI path (one of "all", "readonly" or "none").
Related ONTAP commands
-
security login rest-role create
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
owner.uuid |
string |
path |
True |
Role owner UUID |
name |
string |
path |
True |
Role name |
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
Name | Type | Description |
---|---|---|
_links |
||
access |
string |
Access level for the REST endpoint. |
path |
string |
REST URI/endpoint |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"access": "readonly",
"path": "/api/storage/volumes"
}
Response
Status: 201, Created
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
5636129 |
A role with given name has not been defined. |
5636143 |
A Vserver admin cannot use the API with this access level. |
5636144 |
The value specified for the access level is not valid. |
5636169 |
A character in the URI is not valid. |
5636170 |
The URI does not exist. |
5636173 |
This feature requires an effective cluster version of 9.6 or later. |
5636175 |
Vserver admin cannot have access to given API. |
5636184 |
Expanded REST roles for granular resource control feature is currently disabled. |
5636185 |
The specified UUID was not found. |
5636186 |
Expanded REST roles for granular resource control requires an effective cluster version of 9.10.1 or later. |
13434890 |
Vserver-ID failed for Vserver roles. |
13434891 |
UUID LookUp failed for Vserver roles. |
13434892 |
Roles is a required field. |
13434893 |
The SVM does not exist. |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
self |
role_privilege
A tuple containing the REST endpoint and the access level assigned to that endpoint. The REST endpoint can be a resource-qualified endpoint. At present, the only supported resource-qualified endpoints are /api/storage/volumes/{volume.uuid}/snapshots and /api/storage/volumes//snapshots. "" is a wildcard character denoting "all" volumes.
Name | Type | Description |
---|---|---|
_links |
||
access |
string |
Access level for the REST endpoint. |
path |
string |
REST URI/endpoint |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |