Vserver scope MAV functionality
Applies to
- ONTAP 9
- Multi-Admin Verification
Issue
- Users are prompted for MAV approval when running commands from a data vserver connection when a query rule is present.
- Users are NOT prompted for MAV approval when running commands from the admin vserver when a query rule is present.
- Example:
Stormbreaker::*> multi-admin-verify rule show
  (security multi-admin-verify rule show)

                                                       Required  Approval
Vserver     Operation                                  Approvers Groups
----------- ------------------------------------------ --------- -------------
Stormbreaker
            security login password                    -         -
              Query: -multi-admin-approver true -different-user true
            security login unlock                      -         -
              Query: -username diag
            security multi-admin-verify approval-group create - -
            security multi-admin-verify approval-group delete - -
            security multi-admin-verify approval-group modify - -
            security multi-admin-verify approval-group replace - -
            security multi-admin-verify modify         -         -
            security multi-admin-verify rule create    -         -
            security multi-admin-verify rule delete    -         -
            security multi-admin-verify rule modify    -         -
            set                                        -         -
              Query: -privilege diagnostic
            volume snapshot delete                     -         MAV_group1
              Query: -vserver cifs
12 entries were displayed.
NOTE: In the output above, the "volume snapshot delete" rule carries the query "-vserver cifs", which states that MAV approval is wanted only for snapshot deletion in the "cifs" vserver.
- Working behavior when executed from the admin vserver:
Stormbreaker::> snapshot delete -vserver aws_kms -volume aws_kms_root -snapshot hourly.2024-04-24_0805
Warning: Deleting a Snapshot copy permanently removes data that is stored only in that Snapshot copy. Are you sure you want to delete Snapshot copy "hourly.2024-04-24_0805" for
volume "aws_kms_root" in Vserver "aws_kms" ? {y|n}: y
Stormbreaker::> snapshot delete -vserver cifs -volume audit_log -snapshot hourly.2024-04-24_0905
Warning: This operation requires multi-admin verification. To create a verification request use "security multi-admin-verify request create".
Would you like to create a request for this operation? {y|n}: y
Error: command failed: The security multi-admin-verify request (index 1) is auto-generated and requires approval.
- Non-working behavior when executed from a data vserver:
cifs::> snapshot delete -volume gregg -snapshot hourly.2024-05-08_0805
Warning: This operation requires multi-admin verification. To create a verification request use "security multi-admin-verify request create".
Would you like to create a request for this operation? {y|n}: y
Error: command failed: The security multi-admin-verify request (index 4) is auto-generated and requires approval.
cifs::> snapshot delete -volume gregg -snapshot hourly.2024-05-08_0805
Warning: Deleting a Snapshot copy permanently removes data that is stored only in that Snapshot copy. Are you sure you want to delete Snapshot copy "hourly.2024-05-08_0805" for
volume "gregg" in Vserver "cifs" ? {y|n}: y
aws_kms::> snapshot delete -volume aws_kms_root -snapshot hourly.2024-05-08_0805
Warning: This operation requires multi-admin verification. To create a verification request use "security multi-admin-verify request create".
Would you like to create a request for this operation? {y|n}: y
Error: command failed: The security multi-admin-verify request (index 5) is auto-generated and requires approval.
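
The following is an added example, not NetApp code or part of the original article: a small parser for the "rule show" table above that models the intent stated in the NOTE, approval only when a rule's query matches the command's parameters. The function names, the shortened constructed sample table, and the exact-match handling of query values are assumptions.

```python
import re

# Constructed sample, shortened from the rule table on this page.
RULE_SHOW = """\
Vserver Operation Approvers Groups
----------- ------------------------------------------ --------- -------------
Stormbreaker
security login unlock - -
Query: -username diag
security multi-admin-verify rule delete - -
volume snapshot delete - MAV_group1
Query: -vserver cifs
3 entries were displayed.
"""

def parse_rules(text):
    """Return a list of rule dicts from 'rule show' output, ignoring column spacing."""
    rules, in_body = [], False
    for line in (l.strip() for l in text.splitlines()):
        if not in_body:
            # Everything up to and including the dashed separator is header.
            in_body = line.startswith("-----")
            continue
        if not line or re.match(r"\d+ entr(y|ies) (was|were) displayed", line):
            continue
        if line.startswith("Query:"):
            # "-name value" pairs; a query belongs to the rule printed just above it.
            rules[-1]["query"] = dict(re.findall(r"-(\S+)\s+(\S+)", line))
        elif len(line.split()) >= 3:
            # Last two fields are Required Approvers and Approval Groups.
            op, approvers, groups = line.rsplit(None, 2)
            rules.append({"operation": op, "approvers": approvers,
                          "groups": groups, "query": {}})
        # A single-token line is the owning vserver name; it is not needed here.
    return rules

def approval_expected(rules, operation, params):
    """True if a rule covers the operation and every query parameter matches.
    Assumption: exact string match only (no wildcard or range query syntax)."""
    for rule in rules:
        if rule["operation"] == operation and all(
                params.get(k) == v for k, v in rule["query"].items()):
            return True
    return False

def scoped_rules(rules):
    """Rules narrowed by a query; the ones to re-test from each vserver context."""
    return [r for r in rules if r["query"]]
```

For the page's rule, `approval_expected` is True for `-vserver cifs` and False for `-vserver aws_kms`, which matches the admin vserver transcript; the data vserver transcript above shows a prompt for aws_kms anyway.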