Delete a privilege tuple from the role
Suggest changes
PDFs
DELETE /security/roles/{owner.uuid}/{name}/privileges/{path}
Introduced In: 9.6
Deletes a privilege tuple (of REST URI or command/command directory path, its access level and an optional query) from the role. The REST URI can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:
Snapshots APIs
– /api/storage/volumes/{volume.uuid}/snapshots
File System Analytics APIs
– /api/storage/volumes/{volume.uuid}/files
– /api/storage/volumes/{volume.uuid}/top-metrics/clients
– /api/storage/volumes/{volume.uuid}/top-metrics/directories
– /api/storage/volumes/{volume.uuid}/top-metrics/files
– /api/storage/volumes/{volume.uuid}/top-metrics/users
– /api/svm/svms/{svm.uuid}/top-metrics/clients
– /api/svm/svms/{svm.uuid}/top-metrics/directories
– /api/svm/svms/{svm.uuid}/top-metrics/files
– /api/svm/svms/{svm.uuid}/top-metrics/users
Ontap S3 APIs
– /api/protocols/s3/services/{svm.uuid}/users
In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs. The {volume.uuid} refers to the -instance-uuid field value in the "volume show" command output at diagnostic privilege level. It can also be fetched through REST endpoint /api/storage/volumes.
Required parameters
-
owner.uuid- UUID of the SVM which houses this role. -
name- Name of the role to be updated. -
path- Constituent REST API path or command/command directory path to be deleted from this role. Can be a resource-qualified endpoint (example: /api/svm/svms/43256a71-be02-474d-a2a9-9642e12a6a2c/top-metrics/users). Currently, resource-qualified endpoints are limited to the Snapshots and File System Analytics endpoints listed above in the description.
Related ONTAP commands
-
security login rest-role delete -
security login role delete
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
owner.uuid |
string |
path |
True |
Role owner UUID |
name |
string |
path |
True |
Role name |
path |
string |
path |
True |
REST API path or command/command directory path |
Response
Status: 200, OkError
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
1263347 |
Cannot modify pre-defined roles. |
5636168 |
This role is mapped to a rest-role and cannot be modified directly. Modifications must be done with rest-role. |
5636169 |
Specified URI path is invalid or not supported. Resource-qualified endpoints are not supported. |
5636170 |
URI does not exist. |
5636172 |
User accounts detected with this role assigned. Update or delete those accounts before deleting this role. |
5636173 |
This feature requires an effective cluster version of 9.6 or later. |
5636184 |
Expanded REST roles for granular resource control feature is currently disabled. |
5636185 |
The specified UUID was not found. |
5636186 |
Expanded REST roles for granular resource control requires an effective cluster version of 9.10.1 or later. |
13434890 |
Vserver-ID failed for Vserver roles. |
13434893 |
The SVM does not exist. |
Also see the table of common errors in the Response body overview section of this documentation.
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |