Restricted RBAC account still able to delete snapshots in OCSMv4
Applies to
- ONTAP
- OCSMv4
Issue
Users with the Command "volume snapshot delete" access level "none" are able to delete snapshots in OnCommand System Manager v4
Netapp::*> security login role show -role snapshot
Role Command/ Access
Vserver Name Directory Query Level
---------- ------------- --------- ----------------------------------- --------
Netapp snapshot DEFAULT all
volume snapshot create all
volume snapshot delete none
volume snapshot modify all
volume snapshot show all