Skip to main content

Retrieve privilege details of the specified role

Contributors

GET /security/roles/{owner.uuid}/{name}/privileges

Introduced In: 9.6

Retrieves privilege details of the specified role.

  • security login rest-role show

  • security login role show

Parameters

Name Type In Required Description

owner.uuid

string

path

True

Role owner UUID

name

string

path

True

Role name

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 1

  • Max value: 120

  • Min value: 0

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[role_privilege]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "access": "all",
      "path": "volume move start",
      "query": "-vserver vs1|vs2|vs3 -destination-aggregate aggr1|aggr2"
    }
  ]
}

Error

Status: Default, Error
Name Type Description

error

returned_error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

next

href

self

href

Name Type Description

self

href

role_privilege

A tuple containing a REST endpoint or a command/command directory path and the access level assigned to that endpoint or command/command directory. If the "path" attribute refers to a command/command directory path, the tuple could additionally contain an optional query. The REST endpoint can be a resource-qualified endpoint. At present, the only supported resource-qualified endpoints are the following

Snapshots APIs

  • /api/storage/volumes/{volume.uuid}/snapshots

File System Analytics APIs

  • /api/storage/volumes/{volume.uuid}/files

  • /api/storage/volumes/{volume.uuid}/top-metrics/clients

  • /api/storage/volumes/{volume.uuid}/top-metrics/directories

  • /api/storage/volumes/{volume.uuid}/top-metrics/files

  • /api/storage/volumes/{volume.uuid}/top-metrics/users

  • /api/svm/svms/{svm.uuid}/top-metrics/clients

  • /api/svm/svms/{svm.uuid}/top-metrics/directories

  • /api/svm/svms/{svm.uuid}/top-metrics/files

  • /api/svm/svms/{svm.uuid}/top-metrics/users

  • /api/protocols/s3/services/{svm.uuid}/users

In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs. The {volume.uuid} refers to the -instance-uuid field value in the "volume show" command output at diagnostic privilege level. It can also be fetched through REST endpoint /api/storage/volumes.

Name Type Description

_links

_links

access

string

Access level for the REST endpoint or command/command directory path. If it denotes the access level for a command/command directory path, the only supported enum values are 'none','readonly' and 'all'.

path

string

Either of REST URI/endpoint OR command/command directory path.

query

string

Optional attribute that can be specified only if the "path" attribute refers to a command/command directory path. The privilege tuple implicitly defines a set of objects the role can or cannot access at the specified access level. The query further reduces this set of objects to a subset of objects that the role is allowed to access. The query attribute must be applicable to the command/command directory specified by the "path" attribute. It is defined using one or more parameters of the command/command directory path specified by the "path" attribute.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.