How to create a single role assigned only with the necessary APIs?
Applies to
ONTAP 9
Answer
To create and assign a role that includes only the necessary APIs, please refer to the following example:
- Create a Security Role:
To create a new role, use the `security login role create` command. For instance, to create a new role with read-only access permissions, execute the following:
`security login role create -vserver vserver_name -role role_name -cmddirname "API_or_COMMAND" -access readonly`
Note:
Here, `vserver_name` is the name of the Vserver, `role_name` is the name of the role to be created, `API_or_COMMAND` is the directory name of the command or API to which access is granted, and `readonly` signifies read-only access. Other access levels such as `none` or `all` can also be used.
- Assign the Role to a User:
To assign the new role to a user, use the `security login create` or `security login modify` command. For example, to assign a new role to an existing user, execute the following:
`security login modify -vserver vserver_name -username user_name -role role_name`
Note:
Here, `vserver_name` is the name of the Vserver, `user_name` is the name of the user, and `role_name` is the name of the role to be assigned.
- Verify the Configuration:
To confirm that the settings have been correctly applied, use the `security login role show` or `security login show` commands to check the role and user configurations.
Note:
- Operating on the ONTAP command line requires caution.
- Executing an incorrect command could potentially impact the system, so ensure you have a thorough understanding and have confirmed the commands before execution.
- Additionally, the commands provided above are examples, and you must specify the correct parameters according to the actual environment and requirements.
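The verification step above can be turned into a repeatable check. The following is an added example, not part of the original article: it compares a role's entries with the intended allow-list and renders the article's create command for anything missing. The Vserver `vs1`, the role `monitor_ro`, the chosen command directories and the rows are constructed sample data in a simplified form, not verbatim `security login role show` output.

```python
# Added example: audit a role against the allow-list it is supposed to implement.
# Access levels are the three named in the article, ordered by privilege.
LEVELS = {"none": 0, "readonly": 1, "all": 2}

# Constructed allow-list: command directory -> intended access level.
INTENDED = {"volume show": "readonly", "volume snapshot show": "readonly"}

# Constructed rows: (vserver, role, cmddirname, access), copied by hand
# from the role listing into a simplified form.
ROWS = [
    ("vs1", "monitor_ro", "DEFAULT", "none"),
    ("vs1", "monitor_ro", "volume show", "all"),
    ("vs1", "monitor_ro", "network interface", "readonly"),
    ("vs1", "other_role", "volume", "all"),
]

def audit_role(intended, rows, vserver, role):
    """Return (finding, cmddirname, access) tuples for one role."""
    actual = {}
    for vs, r, cmd, access in rows:
        if (vs, r) != (vserver, role):
            continue  # entry belongs to another role
        if access not in LEVELS:
            raise ValueError(f"unknown access level {access!r} for {cmd!r}")
        actual[cmd] = access
    findings = []
    for cmd, access in sorted(actual.items()):
        if cmd not in intended:
            # An entry with access "none" grants nothing, so it is not flagged.
            if access != "none":
                findings.append(("unexpected", cmd, access))
        elif LEVELS[access] > LEVELS[intended[cmd]]:
            findings.append(("over-privileged", cmd, access))
        elif LEVELS[access] < LEVELS[intended[cmd]]:
            findings.append(("under-privileged", cmd, access))
    for cmd in sorted(set(intended) - set(actual)):
        findings.append(("missing", cmd, intended[cmd]))
    return findings

def create_commands(findings, vserver, role):
    """Render the article's create command for each missing entry."""
    return [
        f"security login role create -vserver {vserver} -role {role} "
        f'-cmddirname "{cmd}" -access {access}'
        for kind, cmd, access in findings if kind == "missing"
    ]

if __name__ == "__main__":
    result = audit_role(INTENDED, ROWS, "vs1", "monitor_ro")
    for line in result + create_commands(result, "vs1", "monitor_ro"):
        print(line)
```

Entries reported as unexpected or over-privileged are for manual review; the script only generates commands for entries that are missing.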