[-vserver <vserver>] - Vserver: This specifies Vserver information for which the rule should be associated with. This is an optional parameter. This parameter defaults to a Cluster server and supports only Cluster servers.
-operation <text> - Operation: This specifies the ONTAP operation information for the rule to be created.
[-auto-request-create {true|false}] - Automatic Request Creation: This specifies rule information for the auto request create state. Auto request creation for the rule is enabled by default, by setting this value to true.
[-query <query>] - Query: This specifies the query information which is applied to the subset of objects of ONTAP operation of the rule to be created. This is an optional parameter. If a query is not specified for the rule, the rule applies to all objects of the ONTAP operation.
[-required-approvers {<integer>|-}] - Required Number of Approvers: This specifies the required number of approvers to approve the ONTAP execution request. This is an optional parameter. If required-approvers is not specified for the rule, the required-approvers from the global setting is applied to the ONTAP operation request. The required-approvers from the global setting can be viewed using the security multi-admin-verify show command. The minimum supported value is 1.
[-approval-groups <text>,…] - Approval Groups: This specifies the list of users who can approve the ONTAP operation request. This is an optional parameter. If approval-groups is not specified for the rule, the approval-groups from the global setting is applied to the ONTAP operation request. The approval-groups from the global setting can be viewed using the security multi-admin-verify show command.
[-execution-expiry <[<integer>h][<integer>m][<integer>s]>] - Execution Expiry: This specifies the amount of time after a request has been approved by which the operation must be executed before the approved execution request expires. This is an optional parameter. If execution-expiry is not specified for the rule, the execution-expiry from the global setting is applied to the ONTAP execution request. The execution-expiry from the global setting can be viewed using the security multi-admin-verify show command. The default value is one hour (1h ), the minimum supported value is one second (1s ), and the maximum supported value is 14 days (14d ).
[-approval-expiry <[<integer>h][<integer>m][<integer>s]>] - Approval Expiry: This specifies the amount of time after a new execution request is submitted by which approvers have to approve or disapprove the request before the pending execution request expires. This is an optional parameter. If approval-expiry is not specified for the rule, the approval-expiry from the global setting is applied to the ONTAP execution request. The approval-expiry from the global setting can be viewed using the security multi-admin-verify show command. The default value is one hour (1h ), the minimum supported value is one second (1s ), and the maximum supported value is 14 days (14d ).

Examples

The following example creates a new rule for the ONTAP operation volume delete with 3 required approvers and is applicable to Vserver vs0 objects:

cluster1::> security multi-admin-verify rule create  -operation "volume delete" -query "-vserver vs0" -required-approvers 3

security multi-admin-verify show

ONTAP 9.12.1 commands

security multi-admin-verify rule create

Description

Parameters

Examples

Related Links