The capability types Data ONTAP supports include login, cli, security, api, and compliance.
The following table describes the supported capability types.
This capability type... | Has the following capabilities... |
---|---|
login | Grants the specified role login capabilities. `login-*` grants the specified role the capability to log in through all supported protocols. `login-protocol` grants the specified role the capability to log in through a specified protocol. Supported protocols include the following: |
cli | Grants the specified role the capability to execute one or more Data ONTAP command line interface (CLI) commands. `cli-*` grants the specified role the capability to execute all supported CLI commands. `cli-cmd*` grants the specified role the capability to execute all commands associated with the CLI command `cmd`. For example, the following command grants the specified role the capability to execute all `vol` commands: `useradmin role modify status_gatherer -a cli-vol*` Note: Users with `cli` capability also require at least one `login` capability to execute CLI commands. |
security | Grants the specified role security-related capabilities, such as the capability to change other users’ passwords or to invoke the CLI `priv set advanced` command. `security-*` grants the specified role all security capabilities. `security-capability` grants the specified role one of the following specific security capabilities: |
api | Grants the specified role the capability to execute Data ONTAP API calls. `api-*` grants the specified role all API capabilities. `api-api_call_family-*` grants the specified role the capability to call all API routines in the family `api_call_family`. `api-api_call` grants the specified role the capability to call the API routine `api_call`. Note: You have more fine-grained control of the command set with the `api` capabilities because you can give subcommand capabilities as well. Users with `api` capability also require the `login-http-admin` capability to execute API calls. |
compliance | Grants the specified role the capability to execute compliance-related operations. `compliance-*` grants the specified role the capability to execute all compliance-related operations. `compliance-privileged-delete` grants the specified role the capability to execute privileged deletion of compliance data. Note: The compliance capabilities (`compliance-*`) are included in the default capabilities of the `compliance` role. The compliance capabilities cannot be removed from the `compliance` role or added to other roles. |
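The notes in the table imply checks you can run over role definitions before applying them: a `cli` grant needs a `login` capability, an `api` grant needs `login-http-admin`, and a type-wide wildcard gives away the whole capability type. The following script is an added example, not NetApp code; it assumes a trailing `*` is a plain prefix wildcard, and every role and capability in it is constructed sample data except `status_gatherer` and `cli-vol*`.

```python
# Added example (not NetApp code): audit role capability lists against the
# dependency notes in the table above.
# Assumption: a trailing "*" is a plain prefix wildcard on the capability name.
BROAD = ("login-*", "cli-*", "security-*", "api-*")

def grants(granted, wanted):
    """True if one granted capability pattern covers the wanted capability."""
    if granted.endswith("*"):
        return wanted.startswith(granted[:-1])
    return granted == wanted

def role_allows(capabilities, wanted):
    """True if any capability in the role covers the wanted capability."""
    return any(grants(c, wanted) for c in capabilities)

def audit_role(name, capabilities):
    """Return findings for one role: unusable grants and over-broad wildcards."""
    findings = []
    types = {c.split("-", 1)[0] for c in capabilities}
    if "cli" in types and "login" not in types:
        findings.append(f"{name}: cli capability but no login capability")
    if "api" in types and not role_allows(capabilities, "login-http-admin"):
        findings.append(f"{name}: api capability but no login-http-admin")
    if "compliance" in types and name != "compliance":
        findings.append(f"{name}: compliance capabilities belong only to the compliance role")
    for cap in capabilities:
        if cap in BROAD:
            findings.append(f"{name}: {cap} grants the whole capability type")
    return findings

# Constructed sample roles; only status_gatherer / cli-vol* come from the page.
SAMPLE_ROLES = {
    "status_gatherer": ["cli-vol*"],
    "api_reader": ["api-volume-*", "login-http-admin"],
    "ops_everything": ["login-*", "cli-*", "security-*"],
}

if __name__ == "__main__":
    for role, caps in SAMPLE_ROLES.items():
        for finding in audit_role(role, caps) or [f"{role}: no findings"]:
            print(finding)
```

Run against the sample data, `status_gatherer` is flagged because `cli-vol*` alone cannot be used without a `login` capability, which is the situation the note in the `cli` row describes.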