Apparently role can only limit access to the whole top-level CLI command. Attempt to limit access to specific subcommand fails:
useradmin role add test -a login-*,cli-vol-status
Invalid capabilities: cli-vol-status Could not add role <test>. Error: Invalid capability
Is there any way to limit user access to specific SUB-command? So that user would not accidentally have possibility to execute "vol destroy" ...
The specific example is 7.2.3P7 in case 7.2.4 has some changes in this area.
С уважением / With best regards / Mit freundlichen Grüβen
--- Andrey Borzenkov Senior system engineer
Not for the CLI interface. For the API interface you can. ----- Original Message ----- From: "Borzenkov, Andrey" Andrey.Borzenkov@fujitsu-siemens.com To: "NetApp list" toasters@mathworks.com Sent: Thursday, January 17, 2008 4:47 AM Subject: Limit access to CLI subcommand
Apparently role can only limit access to the whole top-level CLI command. Attempt to limit access to specific subcommand fails:
useradmin role add test -a login-*,cli-vol-status
Invalid capabilities: cli-vol-status Could not add role <test>. Error: Invalid capability
Is there any way to limit user access to specific SUB-command? So that user would not accidentally have possibility to execute "vol destroy" ...
The specific example is 7.2.3P7 in case 7.2.4 has some changes in this area.
С уважением / With best regards / Mit freundlichen Grüβen
Andrey Borzenkov Senior system engineer
-
Bill Holland -
Borzenkov, Andrey