Role-based access control (RBAC) limits users' administrative access to the level granted for their role, enabling you to manage users by the role they are assigned to. Data ONTAP provides several predefined roles. You can also create additional access-control roles, modify them, delete them, or specify account restrictions for users of a role.
You can manage access-control roles in the following ways:
- Creating an access-control role and specifying the command or command directory that the role's users can access
- Controlling the level of access the role has for the command or command directory and specifying a query that applies to the command or command directory
- Modifying an access-control role's access to a command or command directory
- Displaying information about access-control roles, such as the role name, the command or command directory that a role can access, the access level, and the query
- Deleting an access-control role
- Restricting a user's access to only a specified set of commands
- Modifying an access-control role's account restrictions and settings for user names and passwords
- Displaying the current settings for the restrictions on an access-control role or user account
- Displaying Data ONTAP APIs and their corresponding CLI commands
Data ONTAP prevents you from modifying predefined roles.
You use the security login role and security login role config commands to manage access-control roles.
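The following annotated session is an added example, not taken from the original page or from NetApp documentation. It walks the tasks listed above through one least-privilege role: read-only on a command directory, wider access on a subdirectory narrowed by a query, then review, account restrictions, and cleanup. The prompt `cluster1::>`, the Vserver `vs1`, the role `vol_snap_operator`, the volume `vol_app01`, and the password values are constructed, and the `#` lines are annotations, not input. Check the parameter names against the man pages of your Data ONTAP release.

```text
# Added example: vs1, vol_snap_operator and vol_app01 are constructed names.

# 1. Create the role with read-only access to the "volume" command directory.
cluster1::> security login role create -vserver vs1 -role vol_snap_operator -cmddirname "volume" -access readonly

# 2. Add full access to the "volume snapshot" subdirectory, with a query
#    that limits the role to a single volume.
cluster1::> security login role create -vserver vs1 -role vol_snap_operator -cmddirname "volume snapshot" -access all -query "-volume vol_app01"

# 3. Display the role: command directories, access levels, and queries.
cluster1::> security login role show -vserver vs1 -role vol_snap_operator

# 4. Modify the role's access to a command directory (here, reduce it).
cluster1::> security login role modify -vserver vs1 -role vol_snap_operator -cmddirname "volume snapshot" -access readonly

# 5. Set account restrictions for users of the role, then display them.
cluster1::> security login role config modify -vserver vs1 -role vol_snap_operator -passwd-minlength 12 -passwd-alphanum enabled
cluster1::> security login role config show -vserver vs1 -role vol_snap_operator

# 6. Display Data ONTAP APIs and their corresponding CLI commands, to see
#    which API calls a command-directory entry covers.
cluster1::> security login role show-ontapi

# 7. Delete a role entry that is no longer needed.
cluster1::> security login role delete -vserver vs1 -role vol_snap_operator -cmddirname "volume snapshot"
```

Running the `show` command in step 3 after every change is a quick check that the role grants nothing beyond the intended command directories before it is assigned to a user.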