Skip to main content
A newer release of this product is available.

Retrieve a list of roles configured in the cluster

Contributors
PDFs

GET /security/roles

Introduced In: 9.6

Retrieves a list of roles configured in the cluster.

  • security login rest-role show

  • security login role show

Learn more

Parameters

Name Type In Required Description

comment

string

query

False

Filter by comment

  • Introduced in: 9.11

privileges.path

string

query

False

Filter by privileges.path

  • Introduced in: 9.7

privileges.query

string

query

False

Filter by privileges.query

  • Introduced in: 9.11

privileges.access

string

query

False

Filter by privileges.access

  • Introduced in: 9.7

name

string

query

False

Filter by name

  • Introduced in: 9.7

builtin

boolean

query

False

Filter by builtin

  • Introduced in: 9.7

owner.uuid

string

query

False

Filter by owner.uuid

  • Introduced in: 9.7

owner.name

string

query

False

Filter by owner.name

  • Introduced in: 9.7

scope

string

query

False

Filter by scope

  • Introduced in: 9.7

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 1

  • Max value: 120

  • Min value: 0

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[role]
Example response 
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "comment": "string",
    "name": "admin",
    "owner": {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "name": "svm1",
      "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
    },
    "privileges": {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "access": "readonly",
      "path": [
        "/api/cluster/jobs",
        "/api/storage/volumes",
        "job schedule interval",
        "volume move"
      ],
      "query": [
        "-days <1 -hours >12",
        "-vserver vs1|vs2|vs3 -destination-aggregate aggr1|aggr2"
      ]
    },
    "scope": "cluster"
  }
}

Error

Status: Default, Error
Name Type Description

error

error
Example error 
{
  "error": {
    "arguments": {
      "code": "string",
      "message": "string"
    },
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

_links

Name Type Description

next

href

self

href

_links

Name Type Description

self

href

owner

Owner name and UUID that uniquely identifies the role.

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

role_privilege

A tuple containing a REST endpoint or a command/command directory path and the access level assigned to that endpoint or command/command directory. If the "path" attribute refers to a command/command directory path, the tuple could additionally contain an optional query. The REST endpoint can be a resource-qualified endpoint. At present, the only supported resource-qualified endpoints are /api/storage/volumes/{volume.uuid}/snapshots and /api/storage/volumes//snapshots. "" is a wildcard character denoting "all" volumes.

Name Type Description

_links

_links

access

string

Access level for the REST endpoint or command/command directory path. If it denotes the access level for a command/command directory path, the only supported enum values are 'none','readonly' and 'all'.

path

string

Either of REST URI/endpoint OR command/command directory path.

query

string

Optional attribute that can be specified only if the "path" attribute refers to a command/command directory path. The privilege tuple implicitly defines a set of objects the role can or cannot access at the specified access level. The query further reduces this set of objects to a subset of objects that the role is allowed to access. The query attribute must be applicable to the command/command directory specified by the "path" attribute. It is defined using one or more parameters of the command/command directory path specified by the "path" attribute.

role

A named set of privileges that defines the rights an account has when it is assigned the role.

Name Type Description

_links

_links

builtin

boolean

Indicates if this is a built-in (pre-defined) role which cannot be modified or deleted.

comment

string

Comment

name

string

Role name

owner

owner

Owner name and UUID that uniquely identifies the role.

privileges

array[role_privilege]

The list of privileges that this role has been granted.

scope

string

Scope of the entity. Set to "cluster" for cluster owned objects and to "svm" for SVM owned objects.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.