受限 RBAC 帐户仍可删除 OCSMv4 中的快照

适用场景

• ONTAP
• OCSMv4

问题描述

命令为 "volume snapshot delete" 的用户访问级别为 "none" 能够在 OnCommand System Manager v4 中删除快照

Netapp::*> security login role show -role snapshot
      Role      Command/                    Access
Vserver   Name      Directory                 Query Level
---------- ------------- --------- ----------------------------------- --------
Netapp   snapshot    DEFAULT                     all
             volume snapshot create             all
             volume snapshot delete             none
             volume snapshot modify             all
             volume snapshot show              all