Skip to main content
NetApp Knowledgebase

VSC, VASA, and SRA 7.0 ONTAP RBAC Configuration

Applies to

  • Virtual Storage Console 
  • VMware

Answer

This KB details the required ONTAP commands and role creation necessary for proper function of VSC, VASA, and SRA 7.0 in a VMware environment.

VSC, VASA, and SRA 7.0 ONTAP RBAC Configuration

Starting with VSC, VASA, and SRA 7.0, these applications now share a virtual appliance, referred to as the NetApp Unified Appliance.
For the most recent information on supported configurations, see the Interoperability Matrix Tool (IMT).

To control what access permission the users have and perform access against, both vCenter and ONTAP utilize Role Base Access Control (RBAC).
This KB covers what commands and capabilities are required within ONTAP.

VMware vCenter Server RBAC:
For information on configuring the vCenter users for appropriate SRM RBAC, refer VMware Site Recovery Manager 6.1 Documentation Center.
VSC and VASA install the necessary vCenter RBAC capabilities; for additional information refer to the 'vCenter Server role-based access control features in VSC for VMware vSphere' section of the Virtual Storage Console, VASA Provider, and Storage Replication Adapter for VMware vSphere - Deployment and Setup Guide for 7.0 Release.

ONTAP RBAC Notes:
VSC 7.0 can access ONTAP at either the cluster level or at the SVM level (sometimes referred to in NetApp documentation as ‘direct connected SVMs’).

SRA 7.0 can access ONTAP at either the cluster level or at the SVM level.
If adding storage at the cluster level, the admin account will provide all capabilities SRA might need. However, if adding storage by directly connecting SRA 4.0 to an SVM, it should be noted that vsadmin does not have all of the necessary roles and capabilities to perform its necessary actions.

VASA 7.0 can only access ONTAP at the cluster level. This means that if VASA is required for a particular storage controller, it must be added in VSC at the cluster level (not directly adding the SVM), even if using VSC and/or SRA.

This section lists all of the required ONTAP capabilities and follows this up with the commands to facilitate user creation.

The following is the workflow for creating a new user and connecting the cluster/SVM to VSC, VASA, and SRA:

  1. In ONTAP, create the appropriate role with required commands

  2. In ONTAP, create the user with the role assigned and the appropriate application set

 

These are the recommended ONTAP RBAC roles for VSC, VASA, and SRA. Note that in ONTAP only one ONTAP role can be assigned per user. This means that if VSC needs to be able to perform more than one of these roles, all capabilities indicated below need to be assigned to the user being used for the storage controller or SVM credential in VSC.

Note: The RBAC User Creator for Data ONTAP tool is available on the NetApp Support site in the ToolChest to help set up ONTAP RBAC roles.

VSC Roles (Cluster or SVM level)
  • Discovery - This role allows for the discovery of all the connected storage controllers.

  • Create Storage - This role allows for the creation of volumes and logical unit number (LUNs).

  • Modify Storage - This role allows for the resizing and deduplicating of storage.

  • Destroy Storage - This role allows for the destruction of volumes and LUNs

VASA Roles (Cluster level only):

  • Policy Based Management - This role allows for policy-based management of storage using storage capabilities.

SRA Roles (Cluster or SVM level):

  • SRA NAS/SAN Role - This role allows for the discovery of all the connected storage controllers in a NAS or SAN only on VMware SRM environment.

Note that it is not necessary to create roles at both the cluster and SVM level. Roles should be created where access is needed (e.g either at the cluster or the SVM).

ONTAP command access required
Discovery Role (VSC)

Cluster level:
Commands requiring ‘all’ level ONTAP access (Cluster):

  • network interface migrate

  • security login role show-user-capability

  • set

  • storage failover show

  • system node run

  • volume efficiency stat

  • job

Commands requiring 'readonly' level ONTAP access (Cluster):  

  • cluster identity show

  • cluster peer show

  • cluster show

  • lun geometry

  • lun igroup show

  • lun show

  • network fcp adapter show

  • network interface show

  • network port show

  • security login role show-ontapi

  • security login role show

  • security login show

  • snapmirror show

  • storage aggregate show

  • storage disk show

  • system health alert show

  • system health status show

  • system license show

  • system node run

  • system node show

  • version

  • volume efficiency show

  • volume qtree show

  • volume quota report

  • volume quota show

  • volume show

  • vserver export-policy rule show

  • vserver export-policy show

  • vserver fcp initiator show

  • vserver fcp interface show

  • vserver fcp show

  • vserver iscsi show

  • vserver nfs show

  • vserver nfs status

  • vserver show

  • lun mapping show

  • snapmirror list-destinations

SVM Level:
Commands requiring ‘all’ level ONTAP access (SVM):

  • security login role show-user-capability

  • set

  • event generate-autosupport-log

  • volume efficiency stat

  • snapmirror show

  • job

Commands requiring ‘readonly’ level ONTAP access (SVM):

  • lun geometry

  • lun igroup show

  • lun show

  • network interface

  • version

  • volume efficiency show

  • volume qtree show

  • volume quota report

  • volume quota show

  • volume show

  • vserver export-policy rule show

  • vserver export-policy show

  • vserver fcp initiator show

  • vserver fcp interface show

  • vserver fcp show

  • vserver iscsi show

  • vserver nfs show

  • vserver nfs status

  • vserver

  • lun mapping show

  • snapmirror list-destinations

Create Storage Role (VSC)

Cluster Level

Commands requiring ‘all’ level ONTAP access (Cluster):

  • lun comment

  • lun create

  • lun igroup add

  • lun igroup create

  • lun igroup set

  • lun igroup show

  • lun modify

  • lun move

  • lun online

  • snapmirror update-ls-set

  • system node autosupport invoke

  • volume autosize

  • volume clone create

  • volume create

  • volume efficiency on

  • volume efficiency show

  • volume efficiency start

  • volume efficiency stop

  • volume modify

  • volume restrict

  • volume snapshot create

  • volume snapshot delete

  • volume unmount

  • vserver export-policy rule create

  • vserver export-policy rule setindex

  • vserver iscsi interface accesslist add

  • vserver nfs status

  • vserver services name-service unix-group

  • vserver services name-service unix-user

  • lun mapping create

  • lun mapping delete

  • qos policy-group create

Commands requiring 'readonly' level ONTAP access (Cluster):

  • job show-completed

  • snapmirror show

  • volume snapshot show

  • vserver fcp initiator show

  • vserver iscsi connection show

  • vserver iscsi interface show

  • vserver iscsi session show

  • snapmirror list-destinations

SVM Level

Commands requiring ‘all’ level ONTAP access (SVM):

  • lun comment

  • lun create

  • lun igroup add

  • lun igroup create

  • lun igroup set

  • lun igroup show

  • lun modify

  • lun move cancel

  • lun move modify

  • lun move pause

  • lun move recover-source

  • lun move resume

  • lun move show

  • lun move show-by-job-info

  • lun move start

  • lun online

  • volume autosize

  • volume clone create

  • volume create

  • volume efficiency on

  • volume efficiency show

  • volume efficiency start

  • volume efficiency stop

  • volume modify

  • volume restrict

  • volume snapshot create

  • volume snapshot delete

  • volume unmount

  • vserver export-policy rule create

  • vserver export-policy rule setindex

  • vserver iscsi interface accesslist add

  • vserver nfs status

  • snapmirror abort

  • snapmirror break

  • snapmirror check

  • snapmirror create

  • snapmirror delete

  • snapmirror get-volume-status

  • snapmirror initialize

  • snapmirror list-destinations

  • snapmirror modify

  • snapmirror quiesce

  • snapmirror release

  • snapmirror restore

  • snapmirror resume

  • snapmirror resync

  • snapmirror show

  • snapmirror update

  • snapmirror policy add-rule

  • snapmirror policy create

  • snapmirror policy delete

  • snapmirror policy modify

  • snapmirror policy modify-rule

  • snapmirror policy remove-rule

  • snapmirror policy show

  • snapmirror snapshot-owner create

  • snapmirror snapshot-owner delete

  • snapmirror snapshot-owner show

  • snapmirror update-ls-set

  • lun mapping create

  • lun mapping delete

  • vserver services name-service unix-group adduser

  • vserver services name-service unix-group addusers

  • vserver services name-service unix-group create

  • vserver services name-service unix-group delete

  • vserver services name-service unix-group deluser

  • vserver services name-service unix-group load-from-uri

  • vserver services name-service unix-group modify

  • vserver services name-service unix-group show

  • vserver services name-service unix-group file show

  • vserver services name-service unix-group file status

  • vserver services name-service unix-group file-only modify

  • vserver services name-service unix-group file-only show

  • vserver services name-service unix-user create

  • vserver services name-service unix-user delete

  • vserver services name-service unix-user load-from-uri

  • vserver services name-service unix-user modify

  • vserver services name-service unix-user show

  • vserver services name-service unix-user file show

  • vserver services name-service unix-user file status

  • vserver services name-service unix-user file-only modify

  • vserver services name-service unix-user file-only show

Commands requiring ‘readonly’ level ONTAP access (SVM):

  • job show-completed

  • volume snapshot show

  • vserver fcp initiator show

  • vserver iscsi connection show

  • vserver iscsi interface show

  • vserver iscsi session show

  • lun mapping show

Modify Storage Role (VSC)

Cluster Level:
Commands requiring ‘all’ level ONTAP access (Cluster):

  • lun resize

  • volume efficiency off

  • volume file show-disk-usage

  • volume size

SVM Level:
Commands requiring ‘all’ level ONTAP access (SVM):

  • lun resize

  • volume efficiency off

  • volume file show-disk-usage

  • volume size

Destroy Storage Role (VSC)

Cluster Level:

Commands requiring ‘all’ level ONTAP access (Cluster):

  • lun delete

  • lun offline

  • volume destroy

  • volume offline

SVM Level:
Commands requiring ‘all’ level ONTAP access (SVM):

  • lun delete

  • lun offline

  • volume destroy

  • volume offline

Policy Based Management Role (VASA)

Cluster Level:
Commands requiring ‘all’ level ONTAP access (Cluster):

  • event generate-autosupport-log

  • lun

  • qos policy-group create

  • qos policy-group show

  • security login role show-user-capability

  • snapmirror

  • storage failover show

  • system node run

  • system services ndmp

  • system snmp traphost add

  • system snmp traphost delete

  • volume

  • vserver export-policy create

  • vserver export-policy delete

  • vserver export-policy rule create

  • vserver export-policy rule delete

  • vserver export-policy rule setindex

  • vserver export-policy rule show

  • vserver export-policy show

  • vserver fcp initiator show

  • vserver fcp interface show

  • vserver fcp show

  • vserver iscsi create

  • vserver iscsi show

  • vserver iscsi start

  • vserver nfs status

  • vserver nfs show

  • vserver peer show

  • vserver show

Commands requiring 'readonly' level ONTAP access (Cluster):

  • cluster identity show

  • cluster peer show

  • cluster show

  • job schedule cron show

  • metrocluster show

  • network fcp adapter show

  • network interface show

  • storage aggregate show

  • storage disk show

  • system license show

  • system node show

  • system snmp show

  • version

SRA NAS/SAN Role

Cluster Level:
Commands requiring 'all' level ONTAP access (Cluster):

  • lun

  • qos policy-group create

  • qos policy-group show

  • snapmirror

  • storage failover show

  • system node run

  • system services ndmp

  • system snmp traphost add

  • system snmp traphost delete

  • vserver nfs status

  • vserver nfs show

  • vserver nfs modify

  • vserver nfs delete

  • vserver nfs create

  • vserver iscsi start

  • vserver iscsi show

  • vserver iscsi modify

  • vserver iscsi delete

  • vserver iscsi create   

  • vserver fcp show

  • vserver fcp modify

  • vserver fcp delete

  • vserver fcp create

  • vserver export-policy show

  • vserver export-policy rule show

  • vserver export-policy rule modify

  • vserver export-policy rule delete

  • vserver export-policy rule create

  • vserver export-policy delete

  • vserver export-policy create

  • vserver peer show

  • vserver

  • volume

  • volume snapshot show

  • volume snapshot modify

  • volume snapshot create

  • volume show

  • volume quota report

  • volume qtree show

  • volume qtree create

  • volume mount

  • volume unmount

  • volume modify

  • volume offline

  • volume online

  • volume file show-filehandle

  • volume file show-disk-usage

  • volume file reservation

  • volume file clone show-autodelete-list

  • volume file clone create

  • volume file clone autodelete

  • volume efficiency show

  • volume efficiency modify

  • volume destroy

  • volume create

  • volume clone show

  • volume clone create

  • snapmirror abort

  • snapmirror break

  • snapmirror show

  • snapmirror delete

  • snapmirror initialize

  • snapmirror quiesce

  • snapmirror release

  • snapmirror resync

  • snapmirror update

  • snapmirror policy show

  • snapmirror policy modify

  • snapmirror policy delete

  • snapmirror policy create     

  • snapmirror list-destinations

  • snapmirror create

  • network

  • job

  • event generate-autosupport-log

Commands requiring 'readonly' level ONTAP access (Cluster):

  • cluster identity show

  • cluster peer show

  • cluster show

  • metrocluster show

  • storage aggregate show

  • storage disk show

  • system license show

  • system node show

  • system snmp show

  • vserver peer show

  • vserver fcp interface show

  • vserver fcp initiator show

  • version

  • security login role

  • lun persistent-reservation show

SVM Level:
Commands requiring ‘all’ level ONTAP access (SVM):

  • vserver nfs status

  • vserver nfs show

  • vserver nfs modify

  • vserver nfs delete

  • vserver nfs create

  • vserver iscsi start

  • vserver iscsi show

  • vserver iscsi modify

  • vserver iscsi delete

  • vserver iscsi create   

  • vserver fcp show

  • vserver fcp modify

  • vserver fcp delete

  • vserver fcp create

  • vserver export-policy show

  • vserver export-policy rule show

  • vserver export-policy rule modify

  • vserver export-policy rule delete

  • vserver export-policy rule create

  • vserver export-policy delete

  • vserver export-policy create

  • vserver peer show

  • vserver

  • volume snapshot show

  • volume snapshot modify

  • volume snapshot create

  • volume show

  • volume quota report

  • volume qtree show

  • volume qtree create

  • volume mount

  • volume unmount

  • volume modify

  • volume offline

  • volume online

  • volume file show-filehandle

  • volume file show-disk-usage

  • volume file reservation

  • volume file clone show-autodelete-list

  • volume file clone create

  • volume file clone autodelete

  • volume efficiency show

  • volume efficiency modify

  • volume destroy

  • volume create

  • volume clone show

  • volume clone create

  • snapmirror abort

  • snapmirror break

  • snapmirror show

  • snapmirror delete

  • snapmirror initialize

  • snapmirror quiesce

  • snapmirror release

  • snapmirror resync

  • snapmirror update

  • snapmirror policy show

  • snapmirror policy modify

  • snapmirror policy delete

  • snapmirror policy create     

  • snapmirror list-destinations

  • snapmirror create

  • network

  • lun show

  • lun set space-alloc

  • lun set reservation

  • lun set dev_id

  • lun portset show

  • lun portset remove

  • lun portset delete

  • lun portset create

  • lun portset add

  • lun persistent-reservation clear

  • lun modify

  • lun online

  • lun mapping show

  • lun mapping delete

  • lun mapping create

  • lun igroup add

  • lun igroup unbind

  • lun igroup show

  • lun igroup set

  • lun igroup rename

  • lun igroup remove

  • lun igroup modify

  • lun igroup disable-aix-support

  • lun igroup delete

  • lun igroup create

  • lun create

  • job

  • event generate-autosupport-log

Commands requiring 'readonly' level ONTAP access (SVM):

  • vserver peer show

  • vserver fcp interface show

  • vserver fcp initiator show

  • version

  • security login role

  • lun persistent-reservation show

Commands to create roles

Note: indicates the name of the Cluster management vServer (SVM).
<vserver_name> indicates the name of the data vServer (SVM).
Creating the role and user can be done through the System Manager interface, however, given the number of commands being specified.It is more efficient to perform this action through the ONTAP command line or APIs.

These roles are not fully inclusive for each other. This means, that if a VSC deployment needs Discovery, Create Storage, Modify Storage, Destroy Storage, VASA Policy Based Management, and SRA NAS/SAN Discovery capabilities on a single cluster, a single role must be created with all of those commands added. It should be noted that between the VSC roles, the VASA role, and the SRA role, there are a few duplicate commands. After the discrete roles listed below, there is a roll up of all cluster level commands and a roll up of all SVM level commands, with the duplicates removed, to aid in faster configuration.

Discovery (VSC)

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network interface migrate"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stat"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun geometry"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network port show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show-ontapi"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health alert show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health status show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"

SVM Level:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency stat"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun geometry"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "network interface"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume quota show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "snapmirror list-destinations"

Create Storage (VSC)

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun comment"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun move"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update-ls-set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node autosupport invoke"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume autosize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency on"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stop"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume restrict"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-group"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-user"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job show-completed"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi connection show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi session show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"


SVM Level:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun comment"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move cancel"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move pause"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move recover-source"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move resume"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move show-by-job-info"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move start"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume autosize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency on"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency start"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency stop"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume restrict"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror check"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror get-volume-status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror restore"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resume"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy add-rule"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify-rule"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy remove-rule"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update-ls-set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group adduser"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group addusers"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group deluser"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group load-from-uri"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file-only modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file-only show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user load-from-uri"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file-only modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file-only show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "job show-completed"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi connection show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi interface show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi session show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun mapping show"


Modify Storage (VSC)

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun resize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency off"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume size"


SVM Level:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun resize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency off"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume size"

Destroy Storage (VSC)

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline"


SVM Level:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun offline"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume offline"

Policy Based Management Role (VASA)

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job schedule cron show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"

SRA NAS/SAN Role

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume mount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-filehandle"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file reservation"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone show-autodelete-list"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone autodelete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun persistent-reservation show"


SVM Level:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume qtree create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume mount"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume offline"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume online"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-filehandle"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file reservation"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone show-autodelete-list"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone autodelete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "network"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set space-alloc"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set reservation"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set dev_id"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset remove"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun persistent-reservation clear"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup unbind"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup rename"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup remove"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup disable-aix-support"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "security login role"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun persistent-reservation show"

Roll up of all commands for VSC, VASA, and SRA for cluster level:
Note: Duplicates removed

security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun comment"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun move"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network interface migrate"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update-ls-set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node autosupport invoke"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume autosize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency on"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stat"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stop"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone autodelete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone show-autodelete-list"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file reservation"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-filehandle"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume mount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume restrict"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-group"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-user"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job schedule cron show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job show-completed"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun geometry"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun persistent-reservation show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network port show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show-ontapi"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health alert show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health status show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi connection show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi session show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver show"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "lun resize"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency off"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume size"

Additional Information

additionalInformation_text