Greeting, does anyone know what the secret (undocumented) security-* capability which allows you to elevate to diag level and see those CLI commands, i.e. running 'priv set diag', is called?
The man pages for 8.1.x tells us this:
- - - The security-* type currently only has a few elements (5):
security-passwd-change-others which is used specifically to control if a user can change another user's password without knowing their previous password. By default, only root and members of the Administrators group have this capability.
security-priv-advanced which is necessary to run advanced commands that are not used for normal administration. Please talk to a NetApp Inc representative before using advanced commands. By default, only root and members of the Administrators group have this capability.
security-api-vfiler Normally a client will send ONTAP APIs directly to a vfiler if it wishes the API to be executed on the vfiler. The security-apivfiler capability is necessary to send ONTAP APIs to the physical node which are to be forwarded to a vfiler for execution. By default, only root and members of the Administrators group have this capability.
security-load-lclgroups which is necessary to run the useradmin domainuser load command. This command changes all group membership. By default, only root and members of the Administrators group have this capability.
security-complete-user-control which is used to allow an admin to add, modify, and delete users, groups and roles with more capabilities than himself. These users typically only have access to the cli-useradmin* and associated commands, though they can give themselves greater permissions. By default, only root and members of the Administrators group have this capability. - - -
So that's fine and setting security-priv-advanced gives the results I expected. But it will not allow you to execute 'priv set diag'. However, setting up a role with capability security-* will, so there's at least one more in there with a name unknown to me.
I tried a few educated guesses like
security-priv-diag security-priv-diagnostics security-diag security-diagnostics security-priv-* security-priv-advdiag security-priv-advanced-diag
plus a some more along those lines, to no avail. I'm assuming there is something in there that has a specific name -- this assumption could be wrong of course
/M
I wrote:
does anyone know what the secret (undocumented) security-* capability which allows you to elevate to diag level and see those CLI commands, i.e. running 'priv set diag', is called?
The man pages for 8.1.x tells us this:
I forgot to clarify that this 7-mode I'm talking about.
/M
-
Michael Bergman