跳转到主内容

Vserver范围MAV功能

  1. 最后更新
  2. 另存为PDF
Views:
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
CORE
Last Updated:

适用场景

  • ONTAP 9
  • 多管理员验证

问题描述

  • 如果存在查询规则、则在从数据Vserver连接运行命令时、系统会提示用户进行MAV批准。
  • 如果存在查询规则、则在从管理Vserver运行命令时、不会提示用户进行MAV批准。
  • 示例:

Stormbreaker::*> multi-admin-verify rule show
  (security multi-admin-verify rule show)
                            Required  Approval
Vserver    Operation                  Approvers Groups
----------- ------------------------------------------ --------- -------------
Stormbreaker
       security login password           -      -
        Query: -multi-admin-approver true -different-user true
       security login unlock            -      -
        Query: -username diag
       security multi-admin-verify approval-group create -  -
       security multi-admin-verify approval-group delete -  -
       security multi-admin-verify approval-group modify -  -
       security multi-admin-verify approval-group replace - -
       security multi-admin-verify modify      -      -
       security multi-admin-verify rule create   -      -
       security multi-admin-verify rule delete   -      -
       security multi-admin-verify rule modify   -      -
       set                     -      -
        Query: -privilege diagnostic
      volume snapshot delete           -      MAV_group1
        Query: -vserver cifs
12 entries were displayed.

请注意 、在上述输出中、我们声明、在"cs" Svserver中、只需要MAV批准快照删除。 

  • 工作行为、从管理Vserver执行时:

Stormbreaker::> snapshot delete -vserver aws_kms -volume aws_kms_root  -snapshot hourly.2024-04-24_0805

Warning: Deleting a Snapshot copy permanently removes data that is stored only in that Snapshot copy. Are you sure you want to delete Snapshot copy "hourly.2024-04-24_0805" for
     volume "aws_kms_root" in Vserver "aws_kms" ? {y|n}: y


Stormbreaker::> snapshot delete -vserver cifs -volume audit_log -snapshot hourly.2024-04-24_0905

Warning: This operation requires multi-admin verification. To create a verification request use "security multi-admin-verify request create".
     Would you like to create a request for this operation? {y|n}: y

Error: command failed: The security multi-admin-verify request (index 1) is auto-generated and requires approval.
 

  • 从数据Vserver执行时的不工作行为:

cifs::> snapshot delete -volume gregg -snapshot hourly.2024-05-08_0805

Warning: This operation requires multi-admin verification. To create a verification request use "security multi-admin-verify request create".
     Would you like to create a request for this operation? {y|n}: y

Error: command failed: The security multi-admin-verify request (index 4) is auto-generated and requires approval.

cifs::> snapshot delete -volume gregg -snapshot hourly.2024-05-08_0805

Warning: Deleting a Snapshot copy permanently removes data that is stored only in that Snapshot copy. Are you sure you want to delete Snapshot copy "hourly.2024-05-08_0805" for
     volume "gregg" in Vserver "cifs" ? {y|n}: y

 

aws_kms::> snapshot delete -volume aws_kms_root -snapshot hourly.2024-05-08_0805

Warning: This operation requires multi-admin verification. To create a verification request use "security multi-admin-verify request create".
     Would you like to create a request for this operation? {y|n}: y

Error: command failed: The security multi-admin-verify request (index 5) is auto-generated and requires approval.

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.