ONTAP 9.14.1 commands

security login role create

Add an access control role

Availability: This command is available to cluster administrators at the admin privilege level.


The security login role create command creates an access-control role. An access-control role consists of a role name and a command or directory to which the role has access. It optionally includes an access level (none, readonly, or all) and a query that applies to the specified command or command directory. After you create an access-control role, you can apply it to a management-utility login account by using the security login modify or security login create commands.


-vserver <vserver name> - Vserver

This optionally specifies the Vserver name associated with the role.

-role <text> - Role Name

This specifies the role that is to be created.

-cmddirname <text> - Command / Directory

This specifies the command or command directory to which the role has access. The command or command directory must be specified either within double quotes or inside curly brackets. To specify the default setting, use the special value "DEFAULT".

[-access {none|readonly|read_create|read_modify|read_create_modify|all}] - Access Level

This optionally specifies an access level for the role. Possible access level settings are none, readonly, and all. The default setting is all.

[-query <query>] - Query

This optionally specifies the object that the role is allowed to access. The query object must be applicable to the command or directory name specified by -cmddirname. The query object must be enclosed in double quotation marks (""), and it must be a valid field name.


The following command creates an access-control role named "admin" for the vs1.example.com Vserver. The role has all access to the "volume" command but only within the "aggr0" aggregate.

cluster1::> security login role create -role admin -cmddirname volume -query "-aggr aggr0" -access all -vserver vs1.example.com
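
An added example, not part of the NetApp documentation: a small Python check that reads security login role create lines (for instance from a runbook or change request) and flags roles that end up broader than intended, using the parameter rules above, including the default access level of all. The function names, the review policy and the sample lines are assumptions made for this example.

```python
import re

# Access levels listed in the command syntax on this page.
ACCESS_LEVELS = {"none", "readonly", "read_create", "read_modify",
                 "read_create_modify", "all"}
# A value is either "double quoted", {in curly brackets}, or a bare word.
TOKEN = re.compile(r'"[^"]*"|\{[^}]*\}|\S+')
CMD = "security login role create"

def parse_role_create(line):
    """Return the parameters of one role-create line, or None if it is not one."""
    line = line.split("::>", 1)[-1].strip()  # drop a prompt such as cluster1::>
    if not line.startswith(CMD):
        return None
    tokens = TOKEN.findall(line[len(CMD):])
    params = {flag.lstrip("-"): value.strip('"{} ')
              for flag, value in zip(tokens[0::2], tokens[1::2])}
    params["explicit_access"] = "access" in params
    params.setdefault("access", "all")  # the page: the default setting is all
    return params

def review(line):
    """Return findings for one line; the policy here is this example's own."""
    p = parse_role_create(line)
    if p is None:
        return []
    findings = []
    if "role" not in p or "cmddirname" not in p:
        findings.append("missing -role or -cmddirname")
    if p["access"] not in ACCESS_LEVELS:
        findings.append("unknown access level: " + p["access"])
    if not p["explicit_access"]:
        findings.append("-access omitted, so the role gets the default: all")
    if p["access"] == "all" and "query" not in p:
        findings.append("access all with no -query restriction")
    if p.get("cmddirname") == "DEFAULT" and p["access"] != "none":
        findings.append("DEFAULT entry is not set to none")
    return findings

# Constructed sample lines; the first is the example from this page.
SAMPLES = [
    'cluster1::> security login role create -role admin -cmddirname volume '
    '-query "-aggr aggr0" -access all -vserver vs1.example.com',
    'security login role create -role ops -cmddirname "DEFAULT"',
    'security login role create -role viewer -cmddirname {volume snapshot} -access readonly',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(review(sample) or "ok", "<-", sample)
```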