跳转到主内容

VSC 、 VASA 和 SRA 7.0 ONTAP RBAC 配置

Views:
4
Visibility:
Public
Votes:
0
Category:
virtual-storage-console-for-vmware-vsphere
Specialty:
virt
Last Updated:

适用于

  • Virtual Storage Console 
  • VMware

解答

此知识库详细介绍了在 VMware 环境中正确运行 VSC 、 VASA 和 SRA 7.0 所需的 ONTAP 命令和角色创建。

VSC 、 VASA 和 SRA 7.0 ONTAP RBAC 配置

从 VSC 、 VASA 和 SRA 7.0 开始,这些应用程序现在共享一个虚拟设备、称为 NetApp 统一设备。
有关支持的配置的最新信息,请参见 Interoperability Matrix Tool ( IMT )。

为了控制用户拥有的访问权限并对其执行访问权限, vCenter 和 ONTAP 都使用角色基础访问控制( RBAC )。
此知识库介绍 ONTAP 中需要哪些命令和功能。

VMware vCenter Server RBAC :
有关为相应的 SRM RBAC 配置 vCenter 用户的信息、请参阅 VMware Site Recovery Manager 6.1 文档中心。
VSC 和 VASA 安装必要的 vCenter RBAC 功能;有关其他信息,请参阅 Virtual Storage Console 、 VASA Provider 和 Storage Replication Adapter for VMware vSphere 的“ VSC for VMware vSphere 中基于角色的访问控制功能”部分— 7.0 版本的部署和设置指南。

ONTAP RBAC 注意事项:
VSC 7.0 可以在集群级别或 SVM 级别访问 ONTAP (有时在 NetApp 文档中称为“直接连接的 SVMS ”)。

SRA 7.0 可以在集群级别或 SVM 级别访问 ONTAP 。
如果在集群级别添加存储、管理员帐户将提供 SRA 可能需要的所有功能。但是,如果通过将 SRA 4.0 直接连接到 SVM 来添加存储,则应该注意到 vsadmin 没有执行其必要操作所需的所有角色和功能。

VASA 7.0 只能在集群级别访问 ONTAP 。这意味着,如果特定存储控制器需要 VASA 、则必须在集群级别的 VSC 中添加它(而不是直接添加 SVM )、即使使用 VSC 和 / 或 SRA 。

本节列出了所有必需的 ONTAP 功能,并使用这些命令执行此操作以方便用户创建。

以下是创建新用户并将集群 /SVM 连接到 VSC 、 VASA 和 SRA 的工作流:

  1. 在 ONTAP 中,使用所需的命令创建适当的角色

  2. 在 ONTAP 中,创建具有分配的角色和相应应用程序集的用户

 

以下是推荐的 VSC 、 VASA 和 SRA ONTAP RBAC 角色。请注意,在 ONTAP 中,每个用户只能分配一个 ONTAP 角色。这意味着,如果 VSC 需要能够执行多个这些角色、则需要将以下指示的所有功能分配给在 VSC 中用于存储控制器或 SVM 凭据的用户。

注: Data ONTAP 的 RBAC 用户创建工具可在工具箱的 NetApp 支持站点上找到,以帮助设置 ONTAP RBAC 角色。

VSC 角色(集群或 SVM 级别)
  • 发现—此角色允许发现所有连接的存储控制器。

  • 创建存储—此角色允许创建卷和逻辑单元号( LUN )。

  • 修改存储—此角色允许调整存储的大小和删除存储的副本。

  • 销毁存储—此角色允许销毁卷和 LUN

VASA 角色(仅限集群级别):

  • 基于策略的管理—此角色允许使用存储功能对存储进行基于策略的管理。

SRA 角色(集群或 SVM 级别):

  • SRA NAS/SAN 角色—此角色仅允许在 VMware SRM 环境中发现 NAS 或 SAN 中的所有连接存储控制器。

请注意,无需在集群和 SVM 级别创建角色。应在需要访问的地方创建角色(例如在集群或 SVM )。

需要访问 ONTAP 命令
发现角色( VSC )

集群级别:
需要“所有”级别 ONTAP 访问(集群)的命令:

  • network interface migrate

  • security login role show-user-capability

  • set

  • storage failover show

  • system node run

  • volume efficiency stat

  • job

需要“只读”级别 ONTAP 访问(集群)的命令:  

  • cluster identity show

  • cluster peer show

  • cluster show

  • lun geometry

  • lun igroup show

  • lun show

  • network fcp adapter show

  • network interface show

  • network port show

  • security login role show-ontapi

  • security login role show

  • security login show

  • snapmirror show

  • storage aggregate show

  • storage disk show

  • system health alert show

  • system health status show

  • system license show

  • system node run

  • system node show

  • version

  • volume efficiency show

  • volume qtree show

  • volume quota report

  • volume quota show

  • volume show

  • vserver export-policy rule show

  • vserver export-policy show

  • vserver fcp initiator show

  • vserver fcp interface show

  • vserver fcp show

  • vserver iscsi show

  • vserver nfs show

  • vserver nfs status

  • vserver show

  • lun mapping show

  • snapmirror list-destinations

SVM 级别:
需要“全”级别 ONTAP 访问( SVM )的命令:

  • security login role show-user-capability

  • set

  • event generate-autosupport-log

  • volume efficiency stat

  • snapmirror show

  • job

需要“只读”级别 ONTAP 访问( SVM )的命令:

  • lun geometry

  • lun igroup show

  • lun show

  • network interface

  • version

  • volume efficiency show

  • volume qtree show

  • volume quota report

  • volume quota show

  • volume show

  • vserver export-policy rule show

  • vserver export-policy show

  • vserver fcp initiator show

  • vserver fcp interface show

  • vserver fcp show

  • vserver iscsi show

  • vserver nfs show

  • vserver nfs status

  • vserver

  • lun mapping show

  • snapmirror list-destinations

创建存储角色( VSC )

集群级别

需要“所有”级别 ONTAP 访问(集群)的命令:

  • lun comment

  • lun create

  • lun igroup add

  • lun igroup create

  • lun igroup set

  • lun igroup show

  • lun modify

  • lun move

  • lun online

  • snapmirror update-ls-set

  • system node autosupport invoke

  • volume autosize

  • volume clone create

  • volume create

  • volume efficiency on

  • volume efficiency show

  • volume efficiency start

  • volume efficiency stop

  • volume modify

  • volume restrict

  • volume snapshot create

  • volume snapshot delete

  • volume unmount

  • vserver export-policy rule create

  • vserver export-policy rule setindex

  • vserver iscsi interface accesslist add

  • vserver nfs status

  • vserver services name-service unix-group

  • vserver services name-service unix-user

  • lun mapping create

  • lun mapping delete

  • qos policy-group create

需要“只读”级别 ONTAP 访问(集群)的命令:

  • job show-completed

  • snapmirror show

  • volume snapshot show

  • vserver fcp initiator show

  • vserver iscsi connection show

  • vserver iscsi interface show

  • vserver iscsi session show

  • snapmirror list-destinations

SVM 级别

需要“全部”级别 ONTAP 访问( SVM )的命令:

  • lun comment

  • lun create

  • lun igroup add

  • lun igroup create

  • lun igroup set

  • lun igroup show

  • lun modify

  • lun move cancel

  • lun move modify

  • lun move pause

  • lun move recover-source

  • lun move resume

  • lun move show

  • lun move show-by-job-info

  • lun move start

  • lun online

  • volume autosize

  • volume clone create

  • volume create

  • volume efficiency on

  • volume efficiency show

  • volume efficiency start

  • volume efficiency stop

  • volume modify

  • volume restrict

  • volume snapshot create

  • volume snapshot delete

  • volume unmount

  • vserver export-policy rule create

  • vserver export-policy rule setindex

  • vserver iscsi interface accesslist add

  • vserver nfs status

  • snapmirror abort

  • snapmirror break

  • snapmirror check

  • snapmirror create

  • snapmirror delete

  • snapmirror get-volume-status

  • snapmirror initialize

  • snapmirror list-destinations

  • snapmirror modify

  • snapmirror quiesce

  • snapmirror release

  • snapmirror restore

  • snapmirror resume

  • snapmirror resync

  • snapmirror show

  • snapmirror update

  • snapmirror policy add-rule

  • snapmirror policy create

  • snapmirror policy delete

  • snapmirror policy modify

  • snapmirror policy modify-rule

  • snapmirror policy remove-rule

  • snapmirror policy show

  • snapmirror snapshot-owner create

  • snapmirror snapshot-owner delete

  • snapmirror snapshot-owner show

  • snapmirror update-ls-set

  • lun mapping create

  • lun mapping delete

  • vserver services name-service unix-group adduser

  • vserver services name-service unix-group addusers

  • vserver services name-service unix-group create

  • vserver services name-service unix-group delete

  • vserver services name-service unix-group deluser

  • vserver services name-service unix-group load-from-uri

  • vserver services name-service unix-group modify

  • vserver services name-service unix-group show

  • vserver services name-service unix-group file show

  • vserver services name-service unix-group file status

  • vserver services name-service unix-group file-only modify

  • vserver services name-service unix-group file-only show

  • vserver services name-service unix-user create

  • vserver services name-service unix-user delete

  • vserver services name-service unix-user load-from-uri

  • vserver services name-service unix-user modify

  • vserver services name-service unix-user show

  • vserver services name-service unix-user file show

  • vserver services name-service unix-user file status

  • vserver services name-service unix-user file-only modify

  • vserver services name-service unix-user file-only show

需要“只读”级别 ONTAP 访问( SVM )的命令:

  • job show-completed

  • volume snapshot show

  • vserver fcp initiator show

  • vserver iscsi connection show

  • vserver iscsi interface show

  • vserver iscsi session show

  • lun mapping show

修改存储角色( VSC )

集群级别:
需要“所有”级别 ONTAP 访问(集群)的命令:

  • lun resize

  • volume efficiency off

  • volume file show-disk-usage

  • volume size

SVM 级别:
需要“全”级别 ONTAP 访问( SVM )的命令:

  • lun resize

  • volume efficiency off

  • volume file show-disk-usage

  • volume size

销毁存储角色( VSC )

集群级别:

需要“所有”级别 ONTAP 访问(集群)的命令:

  • lun delete

  • lun offline

  • volume destroy

  • volume offline

SVM 级别:
需要“全”级别 ONTAP 访问( SVM )的命令:

  • lun delete

  • lun offline

  • volume destroy

  • volume offline

基于策略的管理角色( VASA )

集群级别:
需要“所有”级别 ONTAP 访问(集群)的命令:

  • event generate-autosupport-log

  • lun

  • qos policy-group create

  • qos policy-group show

  • security login role show-user-capability

  • snapmirror

  • storage failover show

  • system node run

  • system services ndmp

  • system snmp traphost add

  • system snmp traphost delete

  • volume

  • vserver export-policy create

  • vserver export-policy delete

  • vserver export-policy rule create

  • vserver export-policy rule delete

  • vserver export-policy rule setindex

  • vserver export-policy rule show

  • vserver export-policy show

  • vserver fcp initiator show

  • vserver fcp interface show

  • vserver fcp show

  • vserver iscsi create

  • vserver iscsi show

  • vserver iscsi start

  • vserver nfs status

  • vserver nfs show

  • vserver peer show

  • vserver show

需要“只读”级别 ONTAP 访问(集群)的命令:

  • cluster identity show

  • cluster peer show

  • cluster show

  • job schedule cron show

  • metrocluster show

  • network fcp adapter show

  • network interface show

  • storage aggregate show

  • storage disk show

  • system license show

  • system node show

  • system snmp show

  • version

SRA NAS/SAN 角色

集群级别:
需要“所有”级别 ONTAP 访问(集群)的命令:

  • lun

  • qos policy-group create

  • qos policy-group show

  • snapmirror

  • storage failover show

  • system node run

  • system services ndmp

  • system snmp traphost add

  • system snmp traphost delete

  • vserver nfs status

  • vserver nfs show

  • vserver nfs modify

  • vserver nfs delete

  • vserver nfs create

  • vserver iscsi start

  • vserver iscsi show

  • vserver iscsi modify

  • vserver iscsi delete

  • vserver iscsi create   

  • vserver fcp show

  • vserver fcp modify

  • vserver fcp delete

  • vserver fcp create

  • vserver export-policy show

  • vserver export-policy rule show

  • vserver export-policy rule modify

  • vserver export-policy rule delete

  • vserver export-policy rule create

  • vserver export-policy delete

  • vserver export-policy create

  • vserver peer show

  • vserver

  • volume

  • volume snapshot show

  • volume snapshot modify

  • volume snapshot create

  • volume show

  • volume quota report

  • volume qtree show

  • volume qtree create

  • volume mount

  • volume unmount

  • volume modify

  • volume offline

  • volume online

  • volume file show-filehandle

  • volume file show-disk-usage

  • volume file reservation

  • volume file clone show-autodelete-list

  • volume file clone create

  • volume file clone autodelete

  • volume efficiency show

  • volume efficiency modify

  • volume destroy

  • volume create

  • volume clone show

  • volume clone create

  • snapmirror abort

  • snapmirror break

  • snapmirror show

  • snapmirror delete

  • snapmirror initialize

  • snapmirror quiesce

  • snapmirror release

  • snapmirror resync

  • snapmirror update

  • snapmirror policy show

  • snapmirror policy modify

  • snapmirror policy delete

  • snapmirror policy create    

  • snapmirror list-destinations

  • snapmirror create

  • network

  • job

  • event generate-autosupport-log

需要“只读”级别 ONTAP 访问(集群)的命令:

  • cluster identity show

  • cluster peer show

  • cluster show

  • metrocluster show

  • storage aggregate show

  • storage disk show

  • system license show

  • system node show

  • system snmp show

  • vserver peer show

  • vserver fcp interface show

  • vserver fcp initiator show

  • version

  • security login role

  • lun persistent-reservation show

SVM 级别:
需要“全”级别 ONTAP 访问( SVM )的命令:

  • vserver nfs status

  • vserver nfs show

  • vserver nfs modify

  • vserver nfs delete

  • vserver nfs create

  • vserver iscsi start

  • vserver iscsi show

  • vserver iscsi modify

  • vserver iscsi delete

  • vserver iscsi create   

  • vserver fcp show

  • vserver fcp modify

  • vserver fcp delete

  • vserver fcp create

  • vserver export-policy show

  • vserver export-policy rule show

  • vserver export-policy rule modify

  • vserver export-policy rule delete

  • vserver export-policy rule create

  • vserver export-policy delete

  • vserver export-policy create

  • vserver peer show

  • vserver

  • volume snapshot show

  • volume snapshot modify

  • volume snapshot create

  • volume show

  • volume quota report

  • volume qtree show

  • volume qtree create

  • volume mount

  • volume unmount

  • volume modify

  • volume offline

  • volume online

  • volume file show-filehandle

  • volume file show-disk-usage

  • volume file reservation

  • volume file clone show-autodelete-list

  • volume file clone create

  • volume file clone autodelete

  • volume efficiency show

  • volume efficiency modify

  • volume destroy

  • volume create

  • volume clone show

  • volume clone create

  • snapmirror abort

  • snapmirror break

  • snapmirror show

  • snapmirror delete

  • snapmirror initialize

  • snapmirror quiesce

  • snapmirror release

  • snapmirror resync

  • snapmirror update

  • snapmirror policy show

  • snapmirror policy modify

  • snapmirror policy delete

  • snapmirror policy create    

  • snapmirror list-destinations

  • snapmirror create

  • network

  • lun show

  • lun set space-alloc

  • lun set reservation

  • lun set dev_id

  • lun portset show

  • lun portset remove

  • lun portset delete

  • lun portset create

  • lun portset add

  • lun persistent-reservation clear

  • lun modify

  • lun online

  • lun mapping show

  • lun mapping delete

  • lun mapping create

  • lun igroup add

  • lun igroup unbind

  • lun igroup show

  • lun igroup set

  • lun igroup rename

  • lun igroup remove

  • lun igroup modify

  • lun igroup disable-aix-support

  • lun igroup delete

  • lun igroup create

  • lun create

  • job

  • event generate-autosupport-log

需要“只读”级别 ONTAP 访问( SVM )的命令:

  • vserver peer show

  • vserver fcp interface show

  • vserver fcp initiator show

  • version

  • security login role

  • lun persistent-reservation show

用于创建角色的命令

注:指示集群管理虚拟服务器( SVM )的名称。
<vserver_name>指示数据虚拟服务器( SVM )的名称。
但是,可以通过 System Manager 界面创建角色和用户、因为指定的命令数量众多。通过 ONTAP 命令行或 API 执行此操作更有效。

这些角色并不完全包括在其中。这意味着,如果 VSC 部署需要在单个集群上发现、创建存储、修改存储、销毁存储、基于 VASA 策略的管理和 SRA NAS/SAN 发现功能、则必须在添加所有这些命令后创建单个角色。应该注意的是,在 VSC 角色、 VASA 角色和 SRA 角色之间有几个重复的命令。在下面列出的独立角色之后、将汇总所有集群级命令并汇总所有 SVM 级命令(删除重复项)以帮助加快配置。

发现( VSC )

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network interface migrate"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stat"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun geometry"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network port show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show-ontapi"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health alert show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health status show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"

SVM 级别
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency stat"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun geometry"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "network interface"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume quota show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "snapmirror list-destinations"

创建存储( VSC )

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun comment"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun move"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update-ls-set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node autosupport invoke"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume autosize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency on"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stop"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume restrict"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-group"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-user"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job show-completed"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi connection show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi session show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"


SVM 级别:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun comment"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move cancel"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move pause"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move recover-source"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move resume"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move show-by-job-info"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun move start"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume autosize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency on"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency start"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency stop"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume restrict"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror check"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror get-volume-status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror restore"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resume"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy add-rule"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify-rule"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy remove-rule"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror snapshot-owner show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update-ls-set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group adduser"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group addusers"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group deluser"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group load-from-uri"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file-only modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-group file-only show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user load-from-uri"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file-only modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver services name-service unix-user file-only show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "job show-completed"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi connection show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi interface show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver iscsi session show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun mapping show"


修改存储器( VSC )

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun resize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency off"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume size"


SVM 级别:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun resize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency off"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume size"

销毁存储( VSC )

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline"


SVM 级别:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun offline"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume offline"

基于策略的管理角色( VASA )

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job schedule cron show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"

SRA NAS/SAN 角色

集群级别:
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume mount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-filehandle"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file reservation"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone show-autodelete-list"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone autodelete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun persistent-reservation show"


SVM 级别:
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver nfs create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver fcp create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume qtree create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume mount"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume offline"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume online"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-filehandle"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file reservation"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone show-autodelete-list"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume file clone autodelete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume efficiency modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "network"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set space-alloc"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set reservation"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun set dev_id"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset remove"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun portset add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun persistent-reservation clear"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup unbind"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup rename"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup remove"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup modify"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup disable-aix-support"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup delete"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "security login role"
security login role create -role <new_role_name> -vserver <vserver_name> -access readonly -cmddirname "lun persistent-reservation show"

将所有针对 VSC 、 VASA 和 SRA 的命令汇总到集群级别:
注:已删除重复项

security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "event generate-autosupport-log"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "job"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun comment"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun mapping delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun move"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "lun"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network interface migrate"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "network"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "qos policy-group show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "security login role show-user-capability"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror abort"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror break"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror initialize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror quiesce"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror release"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror resync"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update-ls-set"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror update"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "snapmirror"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "storage failover show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node autosupport invoke"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system services ndmp"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "system snmp traphost delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume autosize"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume clone show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume destroy"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency on"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stat"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency stop"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone autodelete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file clone show-autodelete-list"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file reservation"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume file show-filehandle"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume mount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume offline"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume online"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume restrict"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume unmount"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "volume"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule setindex"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi interface accesslist add"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver iscsi start"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs create"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs delete"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs modify"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-group"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver services name-service unix-user"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access all -cmddirname "vserver"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster identity show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "cluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job schedule cron show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "job show-completed"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun geometry"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun igroup show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun mapping show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun persistent-reservation show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "lun show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "metrocluster show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network fcp adapter show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "network port show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show-ontapi"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login role"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "security login show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror list-destinations"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "snapmirror show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage aggregate show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "storage disk show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health alert show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system health status show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system license show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node run"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system node show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "system snmp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "version"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume efficiency show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume qtree show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota report"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume quota show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "volume snapshot show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy rule show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver export-policy show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp initiator show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver fcp show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi connection show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi interface show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi session show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver iscsi show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver nfs status"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver peer show"
security login role create -role <new_role_name> -vserver <cluster_vserver_name> -access readonly -cmddirname "vserver show"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "lun resize"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume efficiency off"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume file show-disk-usage"
security login role create -role <new_role_name>-vserver <cluster_vserver_name> -access all -cmddirname "volume size"

其他信息

附加信息 _text