ONTAP 9.15.1 commands

security multi-admin-verify modify

Modify multi-admin-verify settings

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security multi-admin-verify modify command is used to modify the Multi-Admin-Verify global settings.

Parameters

[-approval-groups <text>,…​] - List of Global Approval Groups

This specifies the list of global approval groups which are inherited by the rule if the approval-groups is not provided for the rule. The default value is an empty list. The approval-groups should be defined to enable multi-admin verification. The supplied value replaces the list. You can create an approval-group by using the security multi-admin-verify approval-group create command.

[-required-approvers <integer>] - Number of Required Approvers

This specifies the required number of approvers to approve the request which is inherited by the rule if required-approvers is not provided for the rule. The default and minimum number of required approvers is 1.

[-enabled {true|false}] - Is Multi-Admin-Verify Enabled

This specifies the current state. Multi-admin verification is not required to enable the feature. However, it is required to disable the feature. By default, the feature is disabled and the value is set to false. It is recommended that multi-admin-verify is enabled equally on peered ONTAP clusters.

[-execution-expiry <[<integer>d][<integer>h][<integer>m][<integer>s]>] - Execution Expiry

This is the amount of time that the authorized users have after a request is approved to execute the requested operation before the request expires. The default value is one hour (1h ), the minimum supported value is one second (1s ), and the maximum supported value is 14 days (14d ).

[-approval-expiry <[<integer>d][<integer>h][<integer>m][<integer>s]>] - Approval Expiry

This is the amount of time that the approvers have after a new execution request is submitted to approve or disapprove the request before the request expires. The default value is one hour (1h ), the minimum supported value is one second (1s ), and the maximum supported value is 14 days (14d ).

Examples

This command changes the approval groups:

cluster1::> security multi-admin-verify modify -approval-groups group1, group2

This command changes the required number of approvers:

cluster1::> security multi-admin-verify modify -required-approvers 3

This command enables the feature. The default is false (disabled):

cluster1::> security multi-admin-verify modify -enabled true

This command changes the execution expiry:

cluster1::> security multi-admin-verify modify -execution-expiry 14d

This command changes the approval expiry:

cluster1::> security multi-admin-verify modify -approval-expiry 48h
Top of Page