跳转到主内容
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.

VSC 、 VASA 和 SRA 7.0 ONTAP RBAC 配置

Views:
19
Visibility:
Public
Votes:
1
Category:
virtual-storage-console-for-vmware-vsphere
Specialty:
virt
Last Updated:

适用于

  • Virtual Storage Console 
  • VMware

解答

此知识库详细介绍了在 VMware 环境中正确运行 VSC 、 VASA 和 SRA 7.0 所需的 ONTAP 命令和角色创建。

VSC 、 VASA 和 SRA 7.0 ONTAP RBAC 配置

从 VSC 、 VASA 和 SRA 7.0 开始,这些应用程序现在共享一个虚拟设备、称为 NetApp 统一设备。
有关支持的配置的最新信息,请参见 Interoperability Matrix Tool ( IMT )。

为了控制用户拥有的访问权限并对其执行访问权限, vCenter 和 ONTAP 都使用角色基础访问控制( RBAC )。
此知识库介绍 ONTAP 中需要哪些命令和功能。

VMware vCenter Server RBAC :
有关为相应的 SRM RBAC 配置 vCenter 用户的信息、请参阅 VMware Site Recovery Manager 6.1 文档中心。
VSC 和 VASA 安装必要的 vCenter RBAC 功能;有关其他信息,请参阅 Virtual Storage Console 、 VASA Provider 和 Storage Replication Adapter for VMware vSphere 的“ VSC for VMware vSphere 中基于角色的访问控制功能”部分— 7.0 版本的部署和设置指南。

ONTAP RBAC 注意事项:
VSC 7.0 可以在集群级别或 SVM 级别访问 ONTAP (有时在 NetApp 文档中称为“直接连接的 SVMS ”)。

SRA 7.0 可以在集群级别或 SVM 级别访问 ONTAP 。
如果在集群级别添加存储、管理员帐户将提供 SRA 可能需要的所有功能。但是,如果通过将 SRA 4.0 直接连接到 SVM 来添加存储,则应该注意到 vsadmin 没有执行其必要操作所需的所有角色和功能。

VASA 7.0 只能在集群级别访问 ONTAP 。这意味着,如果特定存储控制器需要 VASA 、则必须在集群级别的 VSC 中添加它(而不是直接添加 SVM )、即使使用 VSC 和 / 或 SRA 。

本节列出了所有必需的 ONTAP 功能,并使用这些命令执行此操作以方便用户创建。

以下是创建新用户并将集群 /SVM 连接到 VSC 、 VASA 和 SRA 的工作流:

  1. 在 ONTAP 中,使用所需的命令创建适当的角色

  2. 在 ONTAP 中,创建具有分配的角色和相应应用程序集的用户

 

以下是推荐的 VSC 、 VASA 和 SRA ONTAP RBAC 角色。请注意,在 ONTAP 中,每个用户只能分配一个 ONTAP 角色。这意味着,如果 VSC 需要能够执行多个这些角色、则需要将以下指示的所有功能分配给在 VSC 中用于存储控制器或 SVM 凭据的用户。

注: Data ONTAP 的 RBAC 用户创建工具可在工具箱的 NetApp 支持站点上找到,以帮助设置 ONTAP RBAC 角色。

VSC 角色(集群或 SVM 级别)
  • 发现—此角色允许发现所有连接的存储控制器。

  • 创建存储—此角色允许创建卷和逻辑单元号( LUN )。

  • 修改存储—此角色允许调整存储的大小和删除存储的副本。

  • 销毁存储—此角色允许销毁卷和 LUN

VASA 角色(仅限集群级别):

  • 基于策略的管理—此角色允许使用存储功能对存储进行基于策略的管理。

SRA 角色(集群或 SVM 级别):

  • SRA NAS/SAN 角色—此角色仅允许在 VMware SRM 环境中发现 NAS 或 SAN 中的所有连接存储控制器。

请注意,无需在集群和 SVM 级别创建角色。应在需要访问的地方创建角色(例如在集群或 SVM )。

需要访问 ONTAP 命令
发现角色( VSC )

集群级别:
需要“所有”级别 ONTAP 访问(集群)的命令:

  • network interface migrate

  • security login role show-user-capability

  • set

  • storage failover show

  • system node run

  • volume efficiency stat

  • job

需要“只读”级别 ONTAP 访问(集群)的命令:  

  • cluster identity show

  • cluster peer show

  • cluster show

  • lun geometry

  • lun igroup show

  • lun show

  • network fcp adapter show

  • network interface show

  • network port show

  • security login role show-ontapi

  • security login role show

  • security login show

  • snapmirror show

  • storage aggregate show

  • storage disk show

  • system health alert show

  • system health status show

  • system license show

  • system node run

  • system node show

  • version

  • volume efficiency show

  • volume qtree show

  • volume quota report

  • volume quota show

  • volume show

  • vserver export-policy rule show

  • vserver export-policy show

  • vserver fcp initiator show

  • vserver fcp interface show

  • vserver fcp show

  • vserver iscsi show

  • vserver nfs show

  • vserver nfs status

  • vserver show

  • lun mapping show

  • snapmirror list-destinations

SVM 级别:
需要“全”级别 ONTAP 访问( SVM )的命令:

  • security login role show-user-capability

  • set

  • event generate-autosupport-log

  • volume efficiency stat

  • snapmirror show

  • job

需要“只读”级别 ONTAP 访问( SVM )的命令:

  • lun geometry

  • lun igroup show

  • lun show

  • network interface

  • version

  • volume efficiency show

  • volume qtree show

  • volume quota report

  • volume quota show

  • volume show

  • vserver export-policy rule show

  • vserver export-policy show

  • vserver fcp initiator show

  • vserver fcp interface show

  • vserver fcp show

  • vserver iscsi show

  • vserver nfs show

  • vserver nfs status

  • vserver

  • lun mapping show

  • snapmirror list-destinations

创建存储角色( VSC )

集群级别

需要“所有”级别 ONTAP 访问(集群)的命令:

  • lun comment

  • lun create

  • lun igroup add

  • lun igroup create

  • lun igroup set

  • lun igroup show

  • lun modify

  • lun move

  • lun online

  • snapmirror update-ls-set

  • system node autosupport invoke

  • volume autosize

  • volume clone create

  • volume create

  • volume efficiency on

  • volume efficiency show

  • volume efficiency start

  • volume efficiency stop

  • volume modify

  • volume restrict

  • volume snapshot create

  • volume snapshot delete

  • volume unmount

  • vserver export-policy rule create

  • vserver export-policy rule setindex

  • vserver iscsi interface accesslist add

  • vserver nfs status

  • vserver services name-service unix-group

  • vserver services name-service unix-user

  • lun mapping create

  • lun mapping delete

  • qos policy-group create

需要“只读”级别 ONTAP 访问(集群)的命令:

  • job show-completed

  • snapmirror show

  • volume snapshot show

  • vserver fcp initiator show

  • vserver iscsi connection show

  • vserver iscsi interface show

  • vserver iscsi session show

  • snapmirror list-destinations

SVM 级别

需要“全部”级别 ONTAP 访问( SVM )的命令:

  • lun comment

  • lun create

  • lun igroup add

  • lun igroup create

  • lun igroup set

  • lun igroup show

  • lun modify

  • lun move cancel

  • lun move modify

  • lun move pause

  • lun move recover-source

  • lun move resume

  • lun move show

  • lun move show-by-job-info

  • lun move start

  • lun online

  • volume autosize

  • volume clone create

  • volume create

  • volume efficiency on

  • volume efficiency show

  • volume efficiency start

  • volume efficiency stop

  • volume modify

  • volume restrict

  • volume snapshot create

  • volume snapshot delete

  • volume unmount

  • vserver export-policy rule create

  • vserver export-policy rule setindex

  • vserver iscsi interface accesslist add

  • vserver nfs status

  • snapmirror abort

  • snapmirror break

  • snapmirror check

  • snapmirror create

  • snapmirror delete

  • snapmirror get-volume-status

  • snapmirror initialize

  • snapmirror list-destinations

  • snapmirror modify

  • snapmirror quiesce

  • snapmirror release

  • snapmirror restore

  • snapmirror resume

  • snapmirror resync

  • snapmirror show

  • snapmirror update

  • snapmirror policy add-rule

  • snapmirror policy create

  • snapmirror policy delete

  • snapmirror policy modify

  • snapmirror policy modify-rule

  • snapmirror policy remove-rule

  • snapmirror policy show

  • snapmirror snapshot-owner create

  • snapmirror snapshot-owner delete

  • snapmirror snapshot-owner show

  • snapmirror update-ls-set

  • lun mapping create

  • lun mapping delete

  • vserver services name-service unix-group adduser

  • vserver services name-service unix-group addusers

  • vserver services name-service unix-group create

  • vserver services name-service unix-group delete

  • vserver services name-service unix-group deluser

  • vserver services name-service unix-group load-from-uri

  • vserver services name-service unix-group modify

  • vserver services name-service unix-group show

  • vserver services name-service unix-group file show

  • vserver services name-service unix-group file status

  • vserver services name-service unix-group file-only modify

  • vserver services name-service unix-group file-only show

  • vserver services name-service unix-user create

  • vserver services name-service unix-user delete

  • vserver services name-service unix-user load-from-uri

  • vserver services name-service unix-user modify

  • vserver services name-service unix-user show

  • vserver services name-service unix-user file show

  • vserver services name-service unix-user file status

  • vserver services name-service unix-user file-only modify

  • vserver services name-service unix-user file-only show

需要“只读”级别 ONTAP 访问( SVM )的命令:

  • job show-completed

  • volume snapshot show

  • vserver fcp initiator show

  • vserver iscsi connection show

  • vserver iscsi interface show

  • vserver iscsi session show

  • lun mapping show

修改存储角色( VSC )

集群级别:
需要“所有”级别 ONTAP 访问(集群)的命令:

  • lun resize

  • volume efficiency off

  • volume file show-disk-usage

  • volume size

SVM 级别:
需要“全”级别 ONTAP 访问( SVM )的命令:

  • lun resize

  • volume efficiency off

  • volume file show-disk-usage

  • volume size

销毁存储角色( VSC )

集群级别:

需要“所有”级别 ONTAP 访问(集群)的命令:

  • lun delete

  • lun offline

  • volume destroy

  • volume offline

SVM 级别:
需要“全”级别 ONTAP 访问( SVM )的命令:

  • lun delete

  • lun offline

  • volume destroy

  • volume offline

基于策略的管理角色( VASA )

集群级别:
需要“所有”级别 ONTAP 访问(集群)的命令:

  • event generate-autosupport-log

  • lun

  • qos policy-group create

  • qos policy-group show

  • security login role show-user-capability

  • snapmirror

  • storage failover show

  • system node run

  • system services ndmp

  • system snmp traphost add

  • system snmp traphost delete

  • volume

  • vserver export-policy create

  • vserver export-policy delete

  • vserver export-policy rule create

  • vserver export-policy rule delete

  • vserver export-policy rule setindex

  • vserver export-policy rule show

  • vserver export-policy show

  • vserver fcp initiator show

  • vserver fcp interface show

  • vserver fcp show

  • vserver iscsi create

  • vserver iscsi show

  • vserver iscsi start

  • vserver nfs status

  • vserver nfs show

  • vserver peer show

  • vserver show

需要“只读”级别 ONTAP 访问(集群)的命令:

  • cluster identity show

  • cluster peer show

  • cluster show

  • job schedule cron show

  • metrocluster show

  • network fcp adapter show

  • network interface show

  • storage aggregate show

  • storage disk show

  • system license show

  • system node show

  • system snmp show

  • version

SRA NAS/SAN 角色

集群级别:
需要“所有”级别 ONTAP 访问(集群)的命令:

  • lun

  • qos policy-group create

  • qos policy-group show

  • snapmirror

  • storage failover show

  • system node run

  • system services ndmp

  • system snmp traphost add

  • system snmp traphost delete

  • vserver nfs status

  • vserver nfs show

  • vserver nfs modify

  • vserver nfs delete

  • vserver nfs create

  • vserver iscsi start

  • vserver iscsi show

  • vserver iscsi modify

  • vserver iscsi delete

  • vserver iscsi create   

  • vserver fcp show

  • vserver fcp modify

  • vserver fcp delete

  • vserver fcp create

  • vserver export-policy show

  • vserver export-policy rule show

  • vserver export-policy rule modify

  • vserver export-policy rule delete

  • vserver export-policy rule create

  • vserver export-policy delete

  • vserver export-policy create

  • vserver peer show

  • vserver

  • volume

  • volume snapshot show

  • volume snapshot modify

  • volume snapshot create

  • volume show

  • volume quota report

  • volume qtree show

  • volume qtree create

  • volume mount

  • volume unmount

  • volume modify

  • volume offline

  • volume online

  • volume file show-filehandle

  • volume file show-disk-usage

  • volume file reservation

  • volume file clone show-autodelete-list

  • volume file clone create

  • volume file clone autodelete

  • volume efficiency show

  • volume efficiency modify

  • volume destroy

  • volume create

  • volume clone show

  • volume clone create

  • snapmirror abort

  • snapmirror break

  • snapmirror show

  • snapmirror delete

  • snapmirror initialize

  • snapmirror quiesce

  • snapmirror release

  • snapmirror resync

  • snapmirror update

  • snapmirror policy show

  • snapmirror policy modify

  • snapmirror policy delete

  • snapmirror policy create    

  • snapmirror list-destinations

  • snapmirror create

  • network

  • job

  • event generate-autosupport-log

需要“只读”级别 ONTAP 访问(集群)的命令:

  • cluster identity show

  • cluster peer show

  • cluster show

  • metrocluster show

  • storage aggregate show

  • storage disk show

  • system license show

  • system node show

  • system snmp show

  • vserver peer show

  • vserver fcp interface show

  • vserver fcp initiator show

  • version

  • security login role

  • lun persistent-reservation show

SVM 级别:
需要“全”级别 ONTAP 访问( SVM )的命令:

  • vserver nfs status

  • vserver nfs show

  • vserver nfs modify

  • vserver nfs delete

  • vserver nfs create

  • vserver iscsi start

  • vserver iscsi show

  • vserver iscsi modify

  • vserver iscsi delete

  • vserver iscsi create   

  • vserver fcp show

  • vserver fcp modify

  • vserver fcp delete

  • vserver fcp create

  • vserver export-policy show

  • vserver export-policy rule show

  • vserver export-policy rule modify

  • vserver export-policy rule delete

  • vserver export-policy rule create

  • vserver export-policy delete

  • vserver export-policy create

  • vserver peer show

  • vserver

  • volume snapshot show

  • volume snapshot modify

  • volume snapshot create

  • volume show

  • volume quota report

  • volume qtree show

  • volume qtree create

  • volume mount

  • volume unmount

  • volume modify

  • volume offline

  • volume online

  • volume file show-filehandle

  • volume file show-disk-usage

  • volume file reservation

  • volume file clone show-autodelete-list

  • volume file clone create

  • volume file clone autodelete

  • volume efficiency show

  • volume efficiency modify

  • volume destroy

  • volume create

  • volume clone show

  • volume clone create

  • snapmirror abort

  • snapmirror break

  • snapmirror show

  • snapmirror delete

  • snapmirror initialize

  • snapmirror quiesce

  • snapmirror release

  • snapmirror resync

  • snapmirror update

  • snapmirror policy show

  • snapmirror policy modify

  • snapmirror policy delete

  • snapmirror policy create    

  • snapmirror list-destinations

  • snapmirror create

  • network

  • lun show

  • lun set space-alloc

  • lun set reservation

  • lun set dev_id

  • lun portset show

  • lun portset remove

  • lun portset delete

  • lun portset create

  • lun portset add

  • lun persistent-reservation clear

  • lun modify

  • lun online

  • lun mapping show

  • lun mapping delete

  • lun mapping create

  • lun igroup add

  • lun igroup unbind

  • lun igroup show

  • lun igroup set

  • lun igroup rename

  • lun igroup remove

  • lun igroup modify

  • lun igroup disable-aix-support

  • lun igroup delete

  • lun igroup create

  • lun create

  • job

  • event generate-autosupport-log

需要“只读”级别 ONTAP 访问( SVM )的命令:

  • vserver peer show

  • vserver fcp interface show

  • vserver fcp initiator show

  • version

  • security login role

  • lun persistent-reservation show

用于创建角色的命令

注:指示集群管理虚拟服务器( SVM )的名称。
<vserver_name>指示数据虚拟服务器( SVM )的名称。
但是,可以通过 System Manager 界面创建角色和用户、因为指定的命令数量众多。通过 ONTAP 命令行或 API 执行此操作更有效。

这些角色并不完全包括在其中。这意味着,如果 VSC 部署需要在单个集群上发现、创建存储、修改存储、销毁存储、基于 VASA 策略的管理和 SRA NAS/SAN 发现功能、则必须在添加所有这些命令后创建单个角色。应该注意的是,在 VSC 角色、 VASA 角色和 SRA 角色之间有几个重复的命令。在下面列出的独立角色之后、将汇总所有集群级命令并汇总所有 SVM 级命令(删除重复项)以帮助加快配置。

发现( VSC )

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network interface migrate"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stat"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun geometry"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network port show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show-ontapi"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health alert show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health status show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"

SVM 级别
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency stat"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun geometry"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "network interface"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume quota show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "snapmirror list-destinations"

创建存储( VSC )

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun comment"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun move"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update-ls-set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node autosupport invoke"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume autosize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency on"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stop"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume restrict"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-group"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-user"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job show-completed"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi connection show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi session show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"


SVM 级别:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun comment"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move cancel"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move pause"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move recover-source"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move resume"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move show-by-job-info"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move start"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume autosize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency on"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency start"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency stop"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume restrict"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror check"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror get-volume-status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror restore"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resume"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy add-rule"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify-rule"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy remove-rule"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update-ls-set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group adduser"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group addusers"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group deluser"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group load-from-uri"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file-only modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file-only show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user load-from-uri"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file-only modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file-only show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "job show-completed"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi connection show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi interface show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi session show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun mapping show"


修改存储器( VSC )

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun resize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency off"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume size"


SVM 级别:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun resize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency off"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume size"

销毁存储( VSC )

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline"


SVM 级别:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun offline"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume offline"

基于策略的管理角色( VASA )

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job schedule cron show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"

SRA NAS/SAN 角色

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume mount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-filehandle"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file reservation"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone show-autodelete-list"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone autodelete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun persistent-reservation show"


SVM 级别:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume qtree create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume mount"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume offline"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume online"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-filehandle"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file reservation"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone show-autodelete-list"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone autodelete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "network"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set space-alloc"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set reservation"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set dev_id"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset remove"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun persistent-reservation clear"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup unbind"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup rename"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup remove"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup disable-aix-support"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "security login role"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun persistent-reservation show"

将所有针对 VSC 、 VASA 和 SRA 的命令汇总到集群级别:
注:已删除重复项

security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun comment"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun move"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network interface migrate"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update-ls-set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node autosupport invoke"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume autosize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency on"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stat"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stop"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone autodelete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone show-autodelete-list"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file reservation"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-filehandle"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume mount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume restrict"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-group"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-user"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job schedule cron show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job show-completed"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun geometry"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun persistent-reservation show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network port show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show-ontapi"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health alert show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health status show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi connection show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi session show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver show"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "lun resize"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency off"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume size"

其他信息

附加信息 _text

 

Scan to view the article on your device