Skip to main content
A newer release of this product is available.

Delete a privilege tuple from the role

Contributors
PDFs

DELETE /security/roles/{owner.uuid}/{name}/privileges/{path}

Introduced In: 9.6

Deletes a privilege tuple (of REST URI or command/command directory path, its access level and an optional query) from the role. The REST URI can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:

Snapshots APIs

/api/storage/volumes/{volume.uuid}/snapshots

File System Analytics APIs

/api/storage/volumes/{volume.uuid}/files

/api/storage/volumes/{volume.uuid}/top-metrics/clients

/api/storage/volumes/{volume.uuid}/top-metrics/directories

/api/storage/volumes/{volume.uuid}/top-metrics/files

/api/storage/volumes/{volume.uuid}/top-metrics/users

/api/svm/svms/{svm.uuid}/top-metrics/clients

/api/svm/svms/{svm.uuid}/top-metrics/directories

/api/svm/svms/{svm.uuid}/top-metrics/files

/api/svm/svms/{svm.uuid}/top-metrics/users

Ontap S3 APIs

/api/protocols/s3/services/{svm.uuid}/users

In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs. The {volume.uuid} refers to the -instance-uuid field value in the "volume show" command output at diagnostic privilege level. It can also be fetched through REST endpoint /api/storage/volumes.

Required parameters

  • owner.uuid - UUID of the SVM which houses this role.

  • name - Name of the role to be updated.

  • path - Constituent REST API path or command/command directory path to be deleted from this role. Can be a resource-qualified endpoint (example: /api/svm/svms/43256a71-be02-474d-a2a9-9642e12a6a2c/top-metrics/users). Currently, resource-qualified endpoints are limited to the Snapshots and File System Analytics endpoints listed above in the description.

  • security login rest-role delete

  • security login role delete

Learn more

Parameters

Name Type In Required Description

owner.uuid

string

path

True

Role owner UUID

name

string

path

True

Role name

path

string

path

True

REST API path or command/command directory path

Response

Status: 200, Ok

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

1263347

Cannot modify pre-defined roles.

5636168

This role is mapped to a rest-role and cannot be modified directly. Modifications must be done with rest-role.

5636169

Specified URI path is invalid or not supported. Resource-qualified endpoints are not supported.

5636170

URI does not exist.

5636172

User accounts detected with this role assigned. Update or delete those accounts before deleting this role.

5636173

This feature requires an effective cluster version of 9.6 or later.

5636184

Expanded REST roles for granular resource control feature is currently disabled.

5636185

The specified UUID was not found.

5636186

Expanded REST roles for granular resource control requires an effective cluster version of 9.10.1 or later.

13434890

Vserver-ID failed for Vserver roles.

13434893

The SVM does not exist.

Also see the table of common errors in the Response body overview section of this documentation.

Name Type Description

error

returned_error
Example error 
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.