Module netapp_ontap.resources.role_privilege
Copyright © 2023 NetApp Inc. All rights reserved.
This file has been automatically generated based on the ONTAP REST API documentation.
Overview
A role can comprise of multiple tuples and each tuple consists of a REST API path or command/command directory path and its access level. If the tuple refers to a command/command directory path, it may optionally be associated with a query. These APIs can be used to retrieve or modify the associated access level and optional query. They can also be used to delete one of the constituent REST API paths or command/command directory paths within a role. The REST API path can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:
Snapshots APIs
- /api/storage/volumes/{volume.uuid}/snapshots
File System Analytics APIs
- /api/storage/volumes/{volume.uuid}/files
- /api/storage/volumes/{volume.uuid}/top-metrics/clients
- /api/storage/volumes/{volume.uuid}/top-metrics/directories
- /api/storage/volumes/{volume.uuid}/top-metrics/files
- /api/storage/volumes/{volume.uuid}/top-metrics/users
- /api/svm/svms/{svm.uuid}/top-metrics/clients
- /api/svm/svms/{svm.uuid}/top-metrics/directories
- /api/svm/svms/{svm.uuid}/top-metrics/files
- /api/svm/svms/{svm.uuid}/top-metrics/users
In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs.
The role can be SVM-scoped or cluster-scoped.
Specify the owner UUID and the role name in the URI path. The owner UUID corresponds to the UUID of the SVM for which the role has been created and can be obtained from the response body of a GET request performed on one of the following APIs:
/api/security/roles for all roles
/api/security/roles/?scope=svm for SVM-scoped roles
/api/security/roles/?owner.name=
for roles in a specific SVM This API response contains the complete URI for each tuple of the role and can be used for GET, PATCH, or DELETE operations. Note: The access level for paths in pre-defined roles cannot be updated.
Examples
Updating the access level for a REST API path in the privilege tuple of an existing role
from netapp_ontap import HostConnection
from netapp_ontap.resources import RolePrivilege
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = RolePrivilege("svm_role1", path="/api/protocols")
resource.access = "all"
resource.patch()
Updating the access level for a command/command directory path in the privilege tuple of an existing role
from netapp_ontap import HostConnection
from netapp_ontap.resources import RolePrivilege
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = RolePrivilege("svm_role1", path="netp port")
resource.access = "readonly"
resource.query = "-type if-group|vlan"
resource.patch()
Updating the access level for a resource-qualified endpoint in the privilege tuple of an existing role
from netapp_ontap import HostConnection
from netapp_ontap.resources import RolePrivilege
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = RolePrivilege(
"svm_role1",
path="/api/storage/volumes/742ef001-24f0-4d5a-9ec1-2fdaadb282f4/files",
)
resource.access = "readonly"
resource.patch()
Retrieving the access level for a REST API path in the privilege tuple of an existing role
from netapp_ontap import HostConnection
from netapp_ontap.resources import RolePrivilege
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = RolePrivilege("svm_role1", path="/api/protocols")
resource.get()
print(resource)
RolePrivilege(
{
"path": "/api/protocols",
"access": "all",
"_links": {
"self": {
"href": "/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/%2Fapi%2Fprotocols"
}
},
}
)
Retrieving the access level for a command/command directory path in the privilege tuple of an existing role
from netapp_ontap import HostConnection
from netapp_ontap.resources import RolePrivilege
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = RolePrivilege("svm_role1", path="net port")
resource.get()
print(resource)
RolePrivilege(
{
"query": "-type if-group|vlan",
"path": "net port",
"access": "readonly",
"_links": {
"self": {
"href": "/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/net%20port"
}
},
}
)
Retrieving the access level for a resource-qualified endpoint in the privilege tuple of an existing role
from netapp_ontap import HostConnection
from netapp_ontap.resources import RolePrivilege
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = RolePrivilege(
"svm_role1",
path="/api/storage/volumes/d0f3b91a-4ce7-4de4-afb9-7eda668659dd//snapshots",
)
resource.get()
print(resource)
RolePrivilege(
{
"path": "/api/storage/volumes/d0f3b91a-4ce7-4de4-afb9-7eda668659dd/snapshots",
"access": "all",
"_links": {
"self": {
"href": "/api/security/roles/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_role1/privileges/%2Fapi%2Fstorage%2Fvolumes%2Fd0f3b91a-4ce7-4de4-afb9-7eda668659dd%2Fsnapshots"
}
},
}
)
Deleting a privilege tuple, containing a REST API path, from an existing role
from netapp_ontap import HostConnection
from netapp_ontap.resources import RolePrivilege
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = RolePrivilege("svm_role1", path="/api/protocols")
resource.delete()
Deleting a privilege tuple, containing a command/command directory path, from an existing role
from netapp_ontap import HostConnection
from netapp_ontap.resources import RolePrivilege
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = RolePrivilege("svm_role1", path="net port")
resource.delete()
Deleting a privilege tuple, containing a resource-qualified endpoint, from an existing role
from netapp_ontap import HostConnection
from netapp_ontap.resources import RolePrivilege
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = RolePrivilege(
"svm_role1",
path="/api/storage/svm/6e000659-9a16-11ec-819e-005056bb1a7c/top-metrics/files",
)
resource.delete()
Classes
class RolePrivilege (*args, **kwargs)
-
A tuple containing a REST endpoint or a command/command directory path and the access level assigned to that endpoint or command/command directory. If the "path" attribute refers to a command/command directory path, the tuple could additionally contain an optional query. The REST endpoint can be a resource-qualified endpoint. At present, the only supported resource-qualified endpoints are the following
Snapshots APIs- /api/storage/volumes/{volume.uuid}/snapshots
- /api/storage/volumes/{volume.uuid}/files
- /api/storage/volumes/{volume.uuid}/top-metrics/clients
- /api/storage/volumes/{volume.uuid}/top-metrics/directories
- /api/storage/volumes/{volume.uuid}/top-metrics/files
- /api/storage/volumes/{volume.uuid}/top-metrics/users
- /api/svm/svms/{svm.uuid}/top-metrics/clients
- /api/svm/svms/{svm.uuid}/top-metrics/directories
- /api/svm/svms/{svm.uuid}/top-metrics/files
- /api/svm/svms/{svm.uuid}/top-metrics/users
Initialize the instance of the resource.
Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:
MyResource(name='foo').name == 'foo'
Args
*args
- Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
- each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.
Ancestors
Static methods
def count_collection (*args, connection: HostConnection = None, **kwargs) -> int
-
Returns a count of all RolePrivilege resources that match the provided query
This calls GET on the object to determine the number of records. It is more efficient than calling get_collection() because it will not construct any objects. Query parameters can be passed in as kwargs to determine a count of objects that match some filtered criteria.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the count of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. These query parameters can affect the count. A return_records query param will be ignored.
Returns
On success, returns an integer count of the objects of this type. On failure, returns -1.
Raises
NetAppRestError
: If the API call returned a status code >= 400, or if there is no connection available to use either passed in or on the library. def delete_collection (*args, records: Iterable[_ForwardRef('RolePrivilege')] = None, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Deletes a privilege tuple (of REST URI or command/command directory path, its access level and an optional query) from the role. The REST URI can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:
Snapshots APIs
– /api/storage/volumes/{volume.uuid}/snapshots
File System Analytics APIs
– /api/storage/volumes/{volume.uuid}/files – /api/storage/volumes/{volume.uuid}/top-metrics/clients – /api/storage/volumes/{volume.uuid}/top-metrics/directories – /api/storage/volumes/{volume.uuid}/top-metrics/files – /api/storage/volumes/{volume.uuid}/top-metrics/users – /api/svm/svms/{svm.uuid}/top-metrics/clients – /api/svm/svms/{svm.uuid}/top-metrics/directories – /api/svm/svms/{svm.uuid}/top-metrics/files – /api/svm/svms/{svm.uuid}/top-metrics/users
In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs.
Required parameters
owner.uuid
- UUID of the SVM which houses this role.name
- Name of the role to be updated.path
- Constituent REST API path or command/command directory path to be deleted from this role. Can be a resource-qualified endpoint (example: /api/svm/svms/43256a71-be02-474d-a2a9-9642e12a6a2c/top-metrics/users). Currently, resource-qualified endpoints are limited to the Snapshots and File System Analytics endpoints listed above in the description.
Related ONTAP commands
security login rest-role delete
security login role delete
Learn more
Delete all objects in a collection which match the given query.
All records on the host which match the query will be deleted.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
records
- Can be provided in place of a query. If so, this list of objects will be deleted from the host.
body
- The body of the delete request. This could be a Resource instance or a dictionary object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be deleted.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def find (*args, connection: HostConnection = None, **kwargs) -> Resource
-
Retrieves privilege details of the specified role.
Related ONTAP commands
security login rest-role show
security login role show
Learn more
Find an instance of an object on the host given a query.
The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found, None will be returned. If more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
Resource
object containing the details of the object or None if no matches were found.Raises
NetAppRestError
: If the API call returned more than 1 matching resource. def get_collection (*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> Iterable[Resource]
-
Retrieves privilege details of the specified role.
Related ONTAP commands
security login rest-role show
security login role show
Learn more
Fetch a list of all objects of this type from the host.
This is a lazy fetch, making API calls only as necessary when the result of this call is iterated over. For instance, if max_records is set to 5, then iterating over the collection causes an API call to be sent to the server once for every 5 records. If the client stops iterating before getting to the 6th record, then no additional API calls are made.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. max_records
- The maximum number of records to return per call
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A list of
Resource
objectsRaises
NetAppRestError
: If there is no connection available to use either passed in or on the library. This would be not be raised when get_collection() is called, but rather when the result is iterated. def patch_collection (body: dict, *args, records: Iterable[_ForwardRef('RolePrivilege')] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Updates the access level for a REST API path or command/command directory path. Optionally updates the query, if 'path' refers to a command/command directory path. The REST API path can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:
Snapshots APIs
– /api/storage/volumes/{volume.uuid}/snapshots
File System Analytics APIs
– /api/storage/volumes/{volume.uuid}/files – /api/storage/volumes/{volume.uuid}/top-metrics/clients – /api/storage/volumes/{volume.uuid}/top-metrics/directories – /api/storage/volumes/{volume.uuid}/top-metrics/files – /api/storage/volumes/{volume.uuid}/top-metrics/users – /api/svm/svms/{svm.uuid}/top-metrics/clients – /api/svm/svms/{svm.uuid}/top-metrics/directories – /api/svm/svms/{svm.uuid}/top-metrics/files – /api/svm/svms/{svm.uuid}/top-metrics/users
In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs.
Required parameters
owner.uuid
- UUID of the SVM that houses this role.name
- Name of the role to be updated.path
- Constituent REST API path or command/command directory path, whose access level and/or query are/is to be updated. Can be a resource-qualified endpoint (example: /api/storage/volumes/43256a71-be02-474d-a2a9-9642e12a6a2c/snapshots). Currently, resource-qualified endpoints are limited to the Snapshots and File System Analytics endpoints listed above in the description.access
- Access level for the path.
Optional parameters
query
- Optional query, if the path refers to a command/command directory path.
Related ONTAP commands
security login rest-role modify
security login role modify
Learn more
Patch all objects in a collection which match the given query.
All records on the host which match the query will be patched with the provided body.
Args
body
- A dictionary of name/value pairs to set on all matching members of the collection. The body argument will be ignored if records is provided.
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to patch the collection of bars for a particular foo, the foo.name value should be passed.
records
- Can be provided in place of a query. If so, this list of objects will be patched on the host.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post_collection (records: Iterable[_ForwardRef('RolePrivilege')], *args, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, connection: HostConnection = None, **kwargs) -> Union[List[RolePrivilege], NetAppResponse]
-
Adds a privilege tuple (of REST URI or command/command directory path, its access level and an optional query, if the "path" refers to a command/command directory path) to an existing role.
Required parameters
owner.uuid
- UUID of the SVM that houses this role.name
- Name of the role to be updated.path
- REST URI path (example: /api/storage/volumes) or command/command directory path (example: snaplock compliance-clock). Can be a resource-qualified endpoint (example: /api/storage/volumes/43256a71-be02-474d-a2a9-9642e12a6a2c/snapshots). Currently, resource-qualified endpoints are limited to the following:
Snapshots APIs
– /api/storage/volumes/{volume.uuid}/snapshots
File System Analytics APIs
– /api/storage/volumes/{volume.uuid}/files – /api/storage/volumes/{volume.uuid}/top-metrics/clients – /api/storage/volumes/{volume.uuid}/top-metrics/directories – /api/storage/volumes/{volume.uuid}/top-metrics/files – /api/storage/volumes/{volume.uuid}/top-metrics/users – /api/svm/svms/{svm.uuid}/top-metrics/clients – /api/svm/svms/{svm.uuid}/top-metrics/directories – /api/svm/svms/{svm.uuid}/top-metrics/files – /api/svm/svms/{svm.uuid}/top-metrics/users
In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs.
*access
- Desired access level for the REST URI path or command/command directory.Related ONTAP commands
security login rest-role create
security login role create
Learn more
Send this collection of objects to the host as a creation request.
Args
records
- A list of
Resource
objects to send to the server to be created. *args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to create a bar for a particular foo, the foo.name value should be passed.
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of each object. When hydrate is set to True, poll must also be set to True.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A list of
Resource
objects matching the provided type which have been created by the host and returned. This is not the same list that was provided, so to continue using the object, you should save this list. If poll is set to False, then aNetAppResponse
object is returned instead.Raises
NetAppRestError
: If the API call returned a status code >= 400
Methods
def delete (self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Deletes a privilege tuple (of REST URI or command/command directory path, its access level and an optional query) from the role. The REST URI can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:
Snapshots APIs
– /api/storage/volumes/{volume.uuid}/snapshots
File System Analytics APIs
– /api/storage/volumes/{volume.uuid}/files – /api/storage/volumes/{volume.uuid}/top-metrics/clients – /api/storage/volumes/{volume.uuid}/top-metrics/directories – /api/storage/volumes/{volume.uuid}/top-metrics/files – /api/storage/volumes/{volume.uuid}/top-metrics/users – /api/svm/svms/{svm.uuid}/top-metrics/clients – /api/svm/svms/{svm.uuid}/top-metrics/directories – /api/svm/svms/{svm.uuid}/top-metrics/files – /api/svm/svms/{svm.uuid}/top-metrics/users
In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs.
Required parameters
owner.uuid
- UUID of the SVM which houses this role.name
- Name of the role to be updated.path
- Constituent REST API path or command/command directory path to be deleted from this role. Can be a resource-qualified endpoint (example: /api/svm/svms/43256a71-be02-474d-a2a9-9642e12a6a2c/top-metrics/users). Currently, resource-qualified endpoints are limited to the Snapshots and File System Analytics endpoints listed above in the description.
Related ONTAP commands
security login rest-role delete
security login role delete
Learn more
Send a deletion request to the host for this object.
Args
body
- The body of the delete request. This could be a Resource instance or a dictionary object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def get (self, **kwargs) -> NetAppResponse
-
Retrieves the access level for a REST API path or command/command directory path for the specified role. Optionally retrieves the query, if 'path' refers to a command/command directory path. The REST API path can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:
Snapshots APIs
– /api/storage/volumes/{volume.uuid}/snapshots
File System Analytics APIs
– /api/storage/volumes/{volume.uuid}/files – /api/storage/volumes/{volume.uuid}/top-metrics/clients – /api/storage/volumes/{volume.uuid}/top-metrics/directories – /api/storage/volumes/{volume.uuid}/top-metrics/files – /api/storage/volumes/{volume.uuid}/top-metrics/users – /api/svm/svms/{svm.uuid}/top-metrics/clients – /api/svm/svms/{svm.uuid}/top-metrics/directories – /api/svm/svms/{svm.uuid}/top-metrics/files – /api/svm/svms/{svm.uuid}/top-metrics/users
In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs.
Related ONTAP commands
security login rest-role show
security login role show
Learn more
Fetch the details of the object from the host.
Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def patch (self, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Updates the access level for a REST API path or command/command directory path. Optionally updates the query, if 'path' refers to a command/command directory path. The REST API path can be a resource-qualified endpoint. Currently, the only supported resource-qualified endpoints are the following:
Snapshots APIs
– /api/storage/volumes/{volume.uuid}/snapshots
File System Analytics APIs
– /api/storage/volumes/{volume.uuid}/files – /api/storage/volumes/{volume.uuid}/top-metrics/clients – /api/storage/volumes/{volume.uuid}/top-metrics/directories – /api/storage/volumes/{volume.uuid}/top-metrics/files – /api/storage/volumes/{volume.uuid}/top-metrics/users – /api/svm/svms/{svm.uuid}/top-metrics/clients – /api/svm/svms/{svm.uuid}/top-metrics/directories – /api/svm/svms/{svm.uuid}/top-metrics/files – /api/svm/svms/{svm.uuid}/top-metrics/users
In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs.
Required parameters
owner.uuid
- UUID of the SVM that houses this role.name
- Name of the role to be updated.path
- Constituent REST API path or command/command directory path, whose access level and/or query are/is to be updated. Can be a resource-qualified endpoint (example: /api/storage/volumes/43256a71-be02-474d-a2a9-9642e12a6a2c/snapshots). Currently, resource-qualified endpoints are limited to the Snapshots and File System Analytics endpoints listed above in the description.access
- Access level for the path.
Optional parameters
query
- Optional query, if the path refers to a command/command directory path.
Related ONTAP commands
security login rest-role modify
security login role modify
Learn more
Send the difference in the object's state to the host as a modification request.
Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post (self, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Adds a privilege tuple (of REST URI or command/command directory path, its access level and an optional query, if the "path" refers to a command/command directory path) to an existing role.
Required parameters
owner.uuid
- UUID of the SVM that houses this role.name
- Name of the role to be updated.path
- REST URI path (example: /api/storage/volumes) or command/command directory path (example: snaplock compliance-clock). Can be a resource-qualified endpoint (example: /api/storage/volumes/43256a71-be02-474d-a2a9-9642e12a6a2c/snapshots). Currently, resource-qualified endpoints are limited to the following:
Snapshots APIs
– /api/storage/volumes/{volume.uuid}/snapshots
File System Analytics APIs
– /api/storage/volumes/{volume.uuid}/files – /api/storage/volumes/{volume.uuid}/top-metrics/clients – /api/storage/volumes/{volume.uuid}/top-metrics/directories – /api/storage/volumes/{volume.uuid}/top-metrics/files – /api/storage/volumes/{volume.uuid}/top-metrics/users – /api/svm/svms/{svm.uuid}/top-metrics/clients – /api/svm/svms/{svm.uuid}/top-metrics/directories – /api/svm/svms/{svm.uuid}/top-metrics/files – /api/svm/svms/{svm.uuid}/top-metrics/users
In the above APIs, wildcard character * could be used in place of {volume.uuid} or {svm.uuid} to denote all volumes or all SVMs, depending upon whether the REST endpoint references volumes or SVMs.
*access
- Desired access level for the REST URI path or command/command directory.Related ONTAP commands
security login rest-role create
security login role create
Learn more
Send this object to the host as a creation request.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Inherited members
class RolePrivilegeSchema (*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)
-
The fields of the RolePrivilege object
Ancestors
- netapp_ontap.resource.ResourceSchema
- marshmallow.schema.Schema
- marshmallow.base.SchemaABC
Class variables
-
access: str GET POST PATCH
-
The access field of the role_privilege.
-
links: SelfLink GET
-
The links field of the role_privilege.
-
path: str GET POST
-
Either of REST URI/endpoint OR command/command directory path.
Example: volume move start
-
query: str GET POST PATCH
-
Optional attribute that can be specified only if the "path" attribute refers to a command/command directory path. The privilege tuple implicitly defines a set of objects the role can or cannot access at the specified access level. The query further reduces this set of objects to a subset of objects that the role is allowed to access. The query attribute must be applicable to the command/command directory specified by the "path" attribute. It is defined using one or more parameters of the command/command directory path specified by the "path" attribute.
Example: -vserver vs1|vs2|vs3 -destination-aggregate aggr1|aggr2