ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security multi-admin-verify rule create

    Create a rule

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The security multi-admin-verify rule create command creates a rule for the specified ONTAP operation.

    Parameters

    [-vserver <vserver>] - Vserver

    This specifies Vserver information for which the rule should be associated with. This is an optional parameter. This parameter defaults to a Cluster server and supports only Cluster servers.

    -operation <text> - Operation

    This specifies the ONTAP operation information for the rule to be created.

    [-auto-request-create {true|false}] - Automatic Request Creation

    This specifies rule information for the auto request create state. Auto request creation for the rule is enabled by default, by setting this value to true.

    [-query <query>] - Query

    This specifies the query information which is applied to the subset of objects of ONTAP operation of the rule to be created. This is an optional parameter. If a query is not specified for the rule, the rule applies to all objects of the ONTAP operation.

    [-required-approvers {<integer>|-}] - Required Number of Approvers

    This specifies the required number of approvers to approve the ONTAP execution request. This is an optional parameter. If required-approvers is not specified for the rule, the required-approvers from the global setting is applied to the ONTAP operation request. The required-approvers from the global setting can be viewed using the security multi-admin-verify show command. The minimum supported value is 1.

    [-approval-groups <text>,…​] - Approval Groups

    This specifies the list of users who can approve the ONTAP operation request. This is an optional parameter. If approval-groups is not specified for the rule, the approval-groups from the global setting is applied to the ONTAP operation request. The approval-groups from the global setting can be viewed using the security multi-admin-verify show command.

    [-execution-expiry <[<integer>h][<integer>m][<integer>s]>] - Execution Expiry

    This specifies the amount of time after a request has been approved by which the operation must be executed before the approved execution request expires. This is an optional parameter. If execution-expiry is not specified for the rule, the execution-expiry from the global setting is applied to the ONTAP execution request. The execution-expiry from the global setting can be viewed using the security multi-admin-verify show command. The default value is one hour (1h ), the minimum supported value is one second (1s ), and the maximum supported value is 14 days (14d ).

    [-approval-expiry <[<integer>h][<integer>m][<integer>s]>] - Approval Expiry

    This specifies the amount of time after a new execution request is submitted by which approvers have to approve or disapprove the request before the pending execution request expires. This is an optional parameter. If approval-expiry is not specified for the rule, the approval-expiry from the global setting is applied to the ONTAP execution request. The approval-expiry from the global setting can be viewed using the security multi-admin-verify show command. The default value is one hour (1h ), the minimum supported value is one second (1s ), and the maximum supported value is 14 days (14d ).

    Examples

    The following example creates a new rule for the ONTAP operation volume delete with 3 required approvers and is applicable to Vserver vs0 objects:

    cluster1::> security multi-admin-verify rule create  -operation "volume delete" -query "-vserver vs0" -required-approvers 3
    Top of Page