受限 RBAC 帐户仍可删除 OCSMv4 中的快照
适用场景
- ONTAP
- OCSMv4
问题描述
命令为 "volume snapshot delete" 的用户访问级别为 "none" 能够在 OnCommand System Manager v4 中删除快照
Netapp::*> security login role show -role snapshot
Role Command/ Access
Vserver Name Directory Query Level
---------- ------------- --------- ----------------------------------- --------
Netapp snapshot DEFAULT all
volume snapshot create all
volume snapshot delete none
volume snapshot modify all
volume snapshot show all