Skip to main content

security login rest-role create

Add a REST access control role

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login rest-role create command creates a Representational State Transfer (REST) access-control role. A REST access-control role consists of a role name and an Application Programming Interface (API) to which the role has access. It optionally includes an access level (none, readonly, read_create, read_modify, read_create_modify or all) for the API. After you create a REST access-control role, you can apply it to a management-utility login account by using the security login modify or security login create commands.

Parameters

-vserver <vserver name> - Vserver
This optionally specifies the Vserver name associated with the REST role.
-role <text> - Role Name
This specifies the REST role that is to be created.
-api <text> - API Path
This specifies the API to which the REST role has access. This API can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are /api/storage/volumes/{volume.uuid}/snapshots and /api/storage/volumes/*/snapshots. * is a wildcard character denoting all volumes.
-access {none|readonly|read_create|read_modify|read_create_modify|all} - Access Level
This optionally specifies an access level for the REST role. Possible access level settings are none, readonly, read_create, read_modify, read_create_modify and all.

Examples

The following command creates a REST access-control role named admin for the vs1.example.com Vserver. This REST role has an access-level of all for the /api/storage/volumes API. 

          cluster1::> security login rest-role create -role admin -api "/api/storage/volumes" -access all 
-vserver vs1.example.com

          cluster1::>
The following command creates a REST access-control role named rest_role1 for the cluster1.example.com administrative Vserver. This REST role has an access-level of read_create_modify for the /api/snapmirror/policies API.
          cluster1::> security login rest-role create -role rest_role1 -api "/api/snapmirror/policies" 
-access read_create_modify -vserver cluster1.example.com

          cluster1::>
The following command creates a REST access-control role named vs1_role for the vs1.example.com Vserver. This REST role has an access level of readonly for all snapshots on the volume with UUID f8a541b5-b68c-11ea-9581-005056bbabe6.
          cluster1::> security login rest-role create -role vs1_role -api "/api/storage/volumes/f8a541b5-b68c
-11ea-9581-005056bbabe6/snapshots" -access readonly -vserver vs1.example.com

           Warning: Operating on an alias operates on the target of the specified alias:
           "volume snapshot"

          cluster1::>
Related reference