VSC, VASA, and SRA 7.0 ONTAP RBAC Configuration

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 1,201

Visibility:: Public

Votes:: 1

Category:: virtual-storage-console-for-vmware-vsphere

Specialty:: virt

Last Updated:

Applies to

Virtual Storage Console
VMware

Answer

This KB details the required ONTAP commands and role creation necessary for proper function of VSC, VASA, and SRA 7.0 in a VMware environment.

VSC, VASA, and SRA 7.0 ONTAP RBAC Configuration

Starting with VSC, VASA, and SRA 7.0, these applications now share a virtual appliance, referred to as the NetApp Unified Appliance.
For the most recent information on supported configurations, see the Interoperability Matrix Tool (IMT).

To control what access permission the users have and perform access against, both vCenter and ONTAP utilize Role Base Access Control (RBAC).
This KB covers what commands and capabilities are required within ONTAP.

VMware vCenter Server RBAC:
For information on configuring the vCenter users for appropriate SRM RBAC, refer VMware Site Recovery Manager 6.1 Documentation Center.
VSC and VASA install the necessary vCenter RBAC capabilities; for additional information refer to the 'vCenter Server role-based access control features in VSC for VMware vSphere' section of the Virtual Storage Console, VASA Provider, and Storage Replication Adapter for VMware vSphere - Deployment and Setup Guide for 7.0 Release.

ONTAP RBAC Notes:
VSC 7.0 can access ONTAP at either the cluster level or at the SVM level (sometimes referred to in NetApp documentation as ‘direct connected SVMs’).

SRA 7.0 can access ONTAP at either the cluster level or at the SVM level.
If adding storage at the cluster level, the admin account will provide all capabilities SRA might need. However, if adding storage by directly connecting SRA 4.0 to an SVM, it should be noted that vsadmin does not have all of the necessary roles and capabilities to perform its necessary actions.

VASA 7.0 can only access ONTAP at the cluster level. This means that if VASA is required for a particular storage controller, it must be added in VSC at the cluster level (not directly adding the SVM), even if using VSC and/or SRA.

This section lists all of the required ONTAP capabilities and follows this up with the commands to facilitate user creation.

The following is the workflow for creating a new user and connecting the cluster/SVM to VSC, VASA, and SRA:

In ONTAP, create the appropriate role with required commands
In ONTAP, create the user with the role assigned and the appropriate application set

These are the recommended ONTAP RBAC roles for VSC, VASA, and SRA. Note that in ONTAP only one ONTAP role can be assigned per user. This means that if VSC needs to be able to perform more than one of these roles, all capabilities indicated below need to be assigned to the user being used for the storage controller or SVM credential in VSC.

Note: The RBAC User Creator for Data ONTAP tool is available on the NetApp Support site in the ToolChest to help set up ONTAP RBAC roles.

VSC Roles (Cluster or SVM level)

Discovery - This role allows for the discovery of all the connected storage controllers.
Create Storage - This role allows for the creation of volumes and logical unit number (LUNs).
Modify Storage - This role allows for the resizing and deduplicating of storage.
Destroy Storage - This role allows for the destruction of volumes and LUNs

VASA Roles (Cluster level only):

Policy Based Management - This role allows for policy-based management of storage using storage capabilities.

SRA Roles (Cluster or SVM level):

SRA NAS/SAN Role - This role allows for the discovery of all the connected storage controllers in a NAS or SAN only on VMware SRM environment.

Note that it is not necessary to create roles at both the cluster and SVM level. Roles should be created where access is needed (e.g either at the cluster or the SVM).

ONTAP command access required

Discovery Role (VSC)

Cluster level:
Commands requiring ‘all’ level ONTAP access (Cluster):

network interface migrate
security login role show-user-capability
set
storage failover show
system node run
volume efficiency stat
job

Commands requiring 'readonly' level ONTAP access (Cluster):

cluster identity show
cluster peer show
cluster show
lun geometry
lun igroup show
lun show
network fcp adapter show
network interface show
network port show
security login role show-ontapi
security login role show
security login show
snapmirror show
storage aggregate show
storage disk show
system health alert show
system health status show
system license show
system node run
system node show
version
volume efficiency show
volume qtree show
volume quota report
volume quota show
volume show
vserver export-policy rule show
vserver export-policy show
vserver fcp initiator show
vserver fcp interface show
vserver fcp show
vserver iscsi show
vserver nfs show
vserver nfs status
vserver show
lun mapping show
snapmirror list-destinations

SVM Level:
Commands requiring ‘all’ level ONTAP access (SVM):

security login role show-user-capability
set
event generate-autosupport-log
volume efficiency stat
snapmirror show
job

Commands requiring ‘readonly’ level ONTAP access (SVM):

lun geometry
lun igroup show
lun show
network interface
version
volume efficiency show
volume qtree show
volume quota report
volume quota show
volume show
vserver export-policy rule show
vserver export-policy show
vserver fcp initiator show
vserver fcp interface show
vserver fcp show
vserver iscsi show
vserver nfs show
vserver nfs status
vserver
lun mapping show
snapmirror list-destinations

Create Storage Role (VSC)

Cluster Level

Commands requiring ‘all’ level ONTAP access (Cluster):

lun comment
lun create
lun igroup add
lun igroup create
lun igroup set
lun igroup show
lun modify
lun move
lun online
snapmirror update-ls-set
system node autosupport invoke
volume autosize
volume clone create
volume create
volume efficiency on
volume efficiency show
volume efficiency start
volume efficiency stop
volume modify
volume restrict
volume snapshot create
volume snapshot delete
volume unmount
vserver export-policy rule create
vserver export-policy rule setindex
vserver iscsi interface accesslist add
vserver nfs status
vserver services name-service unix-group
vserver services name-service unix-user
lun mapping create
lun mapping delete
qos policy-group create

Commands requiring 'readonly' level ONTAP access (Cluster):

job show-completed
snapmirror show
volume snapshot show
vserver fcp initiator show
vserver iscsi connection show
vserver iscsi interface show
vserver iscsi session show
snapmirror list-destinations

SVM Level

Commands requiring ‘all’ level ONTAP access (SVM):

lun comment
lun create
lun igroup add
lun igroup create
lun igroup set
lun igroup show
lun modify
lun move cancel
lun move modify
lun move pause
lun move recover-source
lun move resume
lun move show
lun move show-by-job-info
lun move start
lun online
volume autosize
volume clone create
volume create
volume efficiency on
volume efficiency show
volume efficiency start
volume efficiency stop
volume modify
volume restrict
volume snapshot create
volume snapshot delete
volume unmount
vserver export-policy rule create
vserver export-policy rule setindex
vserver iscsi interface accesslist add
vserver nfs status
snapmirror abort
snapmirror break
snapmirror check
snapmirror create
snapmirror delete
snapmirror get-volume-status
snapmirror initialize
snapmirror list-destinations
snapmirror modify
snapmirror quiesce
snapmirror release
snapmirror restore
snapmirror resume
snapmirror resync
snapmirror show
snapmirror update
snapmirror policy add-rule
snapmirror policy create
snapmirror policy delete
snapmirror policy modify
snapmirror policy modify-rule
snapmirror policy remove-rule
snapmirror policy show
snapmirror snapshot-owner create
snapmirror snapshot-owner delete
snapmirror snapshot-owner show
snapmirror update-ls-set
lun mapping create
lun mapping delete
vserver services name-service unix-group adduser
vserver services name-service unix-group addusers
vserver services name-service unix-group create
vserver services name-service unix-group delete
vserver services name-service unix-group deluser
vserver services name-service unix-group load-from-uri
vserver services name-service unix-group modify
vserver services name-service unix-group show
vserver services name-service unix-group file show
vserver services name-service unix-group file status
vserver services name-service unix-group file-only modify
vserver services name-service unix-group file-only show
vserver services name-service unix-user create
vserver services name-service unix-user delete
vserver services name-service unix-user load-from-uri
vserver services name-service unix-user modify
vserver services name-service unix-user show
vserver services name-service unix-user file show
vserver services name-service unix-user file status
vserver services name-service unix-user file-only modify
vserver services name-service unix-user file-only show

Commands requiring ‘readonly’ level ONTAP access (SVM):

job show-completed
volume snapshot show
vserver fcp initiator show
vserver iscsi connection show
vserver iscsi interface show
vserver iscsi session show
lun mapping show

Modify Storage Role (VSC)

Cluster Level:
Commands requiring ‘all’ level ONTAP access (Cluster):

lun resize
volume efficiency off
volume file show-disk-usage
volume size

SVM Level:
Commands requiring ‘all’ level ONTAP access (SVM):

lun resize
volume efficiency off
volume file show-disk-usage
volume size

Destroy Storage Role (VSC)

Cluster Level:

Commands requiring ‘all’ level ONTAP access (Cluster):

lun delete
lun offline
volume destroy
volume offline

SVM Level:
Commands requiring ‘all’ level ONTAP access (SVM):

lun delete
lun offline
volume destroy
volume offline

Policy Based Management Role (VASA)

Cluster Level:
Commands requiring ‘all’ level ONTAP access (Cluster):

event generate-autosupport-log
lun
qos policy-group create
qos policy-group show
security login role show-user-capability
snapmirror
storage failover show
system node run
system services ndmp
system snmp traphost add
system snmp traphost delete
volume
vserver export-policy create
vserver export-policy delete
vserver export-policy rule create
vserver export-policy rule delete
vserver export-policy rule setindex
vserver export-policy rule show
vserver export-policy show
vserver fcp initiator show
vserver fcp interface show
vserver fcp show
vserver iscsi create
vserver iscsi show
vserver iscsi start
vserver nfs status
vserver nfs show
vserver peer show
vserver show

Commands requiring 'readonly' level ONTAP access (Cluster):

cluster identity show
cluster peer show
cluster show
job schedule cron show
metrocluster show
network fcp adapter show
network interface show
storage aggregate show
storage disk show
system license show
system node show
system snmp show
version

SRA NAS/SAN Role

Cluster Level:
Commands requiring 'all' level ONTAP access (Cluster):

lun
qos policy-group create
qos policy-group show
snapmirror
storage failover show
system node run
system services ndmp
system snmp traphost add
system snmp traphost delete
vserver nfs status
vserver nfs show
vserver nfs modify
vserver nfs delete
vserver nfs create
vserver iscsi start
vserver iscsi show
vserver iscsi modify
vserver iscsi delete
vserver iscsi create
vserver fcp show
vserver fcp modify
vserver fcp delete
vserver fcp create
vserver export-policy show
vserver export-policy rule show
vserver export-policy rule modify
vserver export-policy rule delete
vserver export-policy rule create
vserver export-policy delete
vserver export-policy create
vserver peer show
vserver
volume
volume snapshot show
volume snapshot modify
volume snapshot create
volume show
volume quota report
volume qtree show
volume qtree create
volume mount
volume unmount
volume modify
volume offline
volume online
volume file show-filehandle
volume file show-disk-usage
volume file reservation
volume file clone show-autodelete-list
volume file clone create
volume file clone autodelete
volume efficiency show
volume efficiency modify
volume destroy
volume create
volume clone show
volume clone create
snapmirror abort
snapmirror break
snapmirror show
snapmirror delete
snapmirror initialize
snapmirror quiesce
snapmirror release
snapmirror resync
snapmirror update
snapmirror policy show
snapmirror policy modify
snapmirror policy delete
snapmirror policy create
snapmirror list-destinations
snapmirror create
network
job
event generate-autosupport-log

Commands requiring 'readonly' level ONTAP access (Cluster):

cluster identity show
cluster peer show
cluster show
metrocluster show
storage aggregate show
storage disk show
system license show
system node show
system snmp show
vserver peer show
vserver fcp interface show
vserver fcp initiator show
version
security login role
lun persistent-reservation show

SVM Level:
Commands requiring ‘all’ level ONTAP access (SVM):

vserver nfs status
vserver nfs show
vserver nfs modify
vserver nfs delete
vserver nfs create
vserver iscsi start
vserver iscsi show
vserver iscsi modify
vserver iscsi delete
vserver iscsi create
vserver fcp show
vserver fcp modify
vserver fcp delete
vserver fcp create
vserver export-policy show
vserver export-policy rule show
vserver export-policy rule modify
vserver export-policy rule delete
vserver export-policy rule create
vserver export-policy delete
vserver export-policy create
vserver peer show
vserver
volume snapshot show
volume snapshot modify
volume snapshot create
volume show
volume quota report
volume qtree show
volume qtree create
volume mount
volume unmount
volume modify
volume offline
volume online
volume file show-filehandle
volume file show-disk-usage
volume file reservation
volume file clone show-autodelete-list
volume file clone create
volume file clone autodelete
volume efficiency show
volume efficiency modify
volume destroy
volume create
volume clone show
volume clone create
snapmirror abort
snapmirror break
snapmirror show
snapmirror delete
snapmirror initialize
snapmirror quiesce
snapmirror release
snapmirror resync
snapmirror update
snapmirror policy show
snapmirror policy modify
snapmirror policy delete
snapmirror policy create
snapmirror list-destinations
snapmirror create
network
lun show
lun set space-alloc
lun set reservation
lun set dev_id
lun portset show
lun portset remove
lun portset delete
lun portset create
lun portset add
lun persistent-reservation clear
lun modify
lun online
lun mapping show
lun mapping delete
lun mapping create
lun igroup add
lun igroup unbind
lun igroup show
lun igroup set
lun igroup rename
lun igroup remove
lun igroup modify
lun igroup disable-aix-support
lun igroup delete
lun igroup create
lun create
job
event generate-autosupport-log

Commands requiring 'readonly' level ONTAP access (SVM):

vserver peer show
vserver fcp interface show
vserver fcp initiator show
version
security login role
lun persistent-reservation show

Commands to create roles

Note: indicates the name of the Cluster management vServer (SVM).
<vserver_name> indicates the name of the data vServer (SVM).
Creating the role and user can be done through the System Manager interface, however, given the number of commands being specified.It is more efficient to perform this action through the ONTAP command line or APIs.

These roles are not fully inclusive for each other. This means, that if a VSC deployment needs Discovery, Create Storage, Modify Storage, Destroy Storage, VASA Policy Based Management, and SRA NAS/SAN Discovery capabilities on a single cluster, a single role must be created with all of those commands added. It should be noted that between the VSC roles, the VASA role, and the SRA role, there are a few duplicate commands. After the discrete roles listed below, there is a roll up of all cluster level commands and a roll up of all SVM level commands, with the duplicates removed, to aid in faster configuration.

Discovery (VSC)

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network interface migrate" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "set" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stat" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun geometry" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun igroup show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network port show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show-ontapi" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health alert show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health status show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node run" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume efficiency show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume qtree show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota report" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy rule show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs status" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun mapping show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"

SVM Level:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "security login role show-user-capability" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "set" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "event generate-autosupport-log" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency stat" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "job" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun geometry" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun igroup show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "network interface" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "version" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume efficiency show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume qtree show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume quota report" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume quota show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver export-policy rule show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver export-policy show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp interface show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver nfs show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver nfs status" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun mapping show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "snapmirror list-destinations"

Create Storage (VSC)

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun comment" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup add" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup set" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun move" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun online" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update-ls-set" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node autosupport invoke" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume autosize" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency on" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency start" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stop" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume restrict" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-group" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-user" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job show-completed" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume snapshot show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi connection show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi interface show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi session show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"

SVM Level:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun comment" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup add" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup set" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move cancel" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move pause" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move recover-source" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move resume" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move show-by-job-info" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move start" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun online" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume autosize" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency on" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency start" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency stop" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume restrict" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume unmount" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule setindex" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs status" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror abort" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror break" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror check" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror get-volume-status" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror initialize" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror list-destinations" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror quiesce" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror release" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror restore" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resume" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resync" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy add-rule" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify-rule" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy remove-rule" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update-ls-set" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group adduser" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group addusers" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group deluser" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group load-from-uri" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file status" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file-only modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file-only show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user load-from-uri" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file status" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file-only modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file-only show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "job show-completed" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume snapshot show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi connection show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi interface show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi session show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun mapping show"

Modify Storage (VSC)

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun resize" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency off" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume size"

SVM Level:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun resize" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency off" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-disk-usage" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume size"

Destroy Storage (VSC)

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun offline" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline"

SVM Level:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun offline" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume destroy" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume offline"

Policy Based Management Role (VASA)

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp initiator show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp interface show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job schedule cron show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"

SRA NAS/SAN Role

Cluster Level:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume quota report" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume mount" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume online" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-filehandle" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file reservation" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone show-autodelete-list" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone autodelete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror abort" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror break" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror initialize" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror quiesce" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror release" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror resync" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror list-destinations" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver peer show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun persistent-reservation show"

SVM Level:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs status" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi start" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver peer show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume quota report" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume qtree show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume qtree create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume mount" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume unmount" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume offline" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume online" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-filehandle" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-disk-usage" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file reservation" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone show-autodelete-list" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone autodelete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume destroy" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror abort" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror break" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror initialize" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror quiesce" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror release" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resync" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror list-destinations" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "network" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set space-alloc" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set reservation" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set dev_id" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset remove" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset add" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun persistent-reservation clear" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun online" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup add" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup unbind" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup show" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup set" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup rename" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup remove" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup modify" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup disable-aix-support" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup delete" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun create" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "job" security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "event generate-autosupport-log" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver peer show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp interface show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "version" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "security login role" security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun persistent-reservation show"

Roll up of all commands for VSC, VASA, and SRA for cluster level:
Note: Duplicates removed

security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun comment" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup add" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup set" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun move" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun offline" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun online" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network interface migrate" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "set" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror abort" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror break" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror initialize" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror list-destinations" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror quiesce" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror release" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror resync" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update-ls-set" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node autosupport invoke" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume autosize" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency on" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency start" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stat" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stop" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone autodelete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone show-autodelete-list" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file reservation" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-filehandle" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume mount" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume online" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume quota report" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume restrict" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp initiator show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp interface show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs create" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs delete" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs modify" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-group" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-user" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job schedule cron show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job show-completed" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun geometry" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun igroup show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun mapping show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun persistent-reservation show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network port show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show-ontapi" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health alert show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health status show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node run" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume efficiency show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume qtree show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota report" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume snapshot show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy rule show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi connection show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi interface show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi session show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs status" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver peer show" security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver show" security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "lun resize" security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency off" security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage" security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume size"

Additional Information

additionalInformation_text

Applies to

Answer

VSC Roles (Cluster or SVM level)

ONTAP command access required

Discovery Role (VSC)

Create Storage Role (VSC)

Modify Storage Role (VSC)

Destroy Storage Role (VSC)

Policy Based Management Role (VASA)

SRA NAS/SAN Role

Commands to create roles

Discovery (VSC)

Create Storage (VSC)

Modify Storage (VSC)

Destroy Storage (VSC)

Policy Based Management Role (VASA)

SRA NAS/SAN Role

Roll up of all commands for VSC, VASA, and SRA for cluster level: Note: Duplicates removed

Additional Information

Roll up of all commands for VSC, VASA, and SRA for cluster level:
Note: Duplicates removed