Editing Authorizations for a Role (CLI) - Oracle® ZFS Storage Appliance Administration Guide, Release OS8.7.0

Go to main content

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.0

Exit Print View

» ...Documentation Home » Oracle ZFS Storage Appliance, Release OS8.7.0 ... » Oracle^® ZFS Storage Appliance ... » Configuring the Appliance » Configuring Users » Editing Authorizations for a Role (CLI)

Updated: July 2017

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.0

Document Information

About the Oracle ZFS Storage Appliance

Configuring the Appliance

Initial Appliance Configuration

Appliance Cluster Configuration

Cluster Configuration BUI View

Upgrading a Standalone Appliance to a Clustered Configuration (BUI)

Shutting Down a Clustered Configuration (BUI)

Shutting Down a Clustered Configuration (CLI)

Cluster Terminology

Understanding Clustering

Cluster Advantages and Disadvantages

Cluster Interconnect I/O

Cluster Resource Management

Cluster Takeover and Failback

Configuration Changes in a Clustered Environment

Clustering Considerations for Storage

Clustering Considerations for Networking

Private Local IP Interfaces

Clustering Considerations for InfiniBand

Preventing Split-Brain Conditions

Estimating and Reducing Takeover Impact

Network Configuration

Network Configuration (BUI)

Network Configuration (CLI)

Working with Network Configuration

Configuring Management Interfaces

Configuring Network Datalinks

Configuring Network Interfaces

Configuring Network IP MultiPathing (IPMP)

Configuring Network Performance and Availability

Configuring Network Routing

Configuring Storage

Creating a Storage Pool (BUI)

Creating a Storage Pool (CLI)

Importing an Existing Storage Pool (BUI)

Importing an Existing Storage Pool (CLI)

Configuring an All-Flash Storage Pool (BUI)

Configuring an All-Flash Storage Pool (CLI)

Adding a Disk Shelf to an Existing Storage Pool (BUI)

Adding a Disk Shelf to an Existing Storage Pool (CLI)

Adding a Cache, Meta, or Log Device to an Existing Storage Pool (BUI)

Adding a Cache, Meta, or Log Device to an Existing Storage Pool (CLI)

Removing a Cache or Log Device from an Existing Storage Pool (BUI)

Removing a Cache or Log Device from an Existing Storage Pool (CLI)

Unconfiguring a Storage Pool (BUI)

Unconfiguring a Storage Pool (CLI)

Renaming a Storage Pool (BUI)

Renaming a Storage Pool (CLI)

Scrubbing a Storage Pool (BUI)

Scrubbing a Storage Pool (CLI)

Viewing Pool and Device Status (BUI)

Storage Pool Concepts

Data Profiles for Storage Pools

Understanding the Appliance Status

Dashboard Status

Summary of Memory Use

Disk Activity Dashboard

Running the Dashboard Continuously

Status Dashboard Settings

Changing the Displayed Activity Statistics

Changing the Activity Thresholds

Configuring Storage Area Network (SAN)

Configuring FC Port Modes (BUI)

Discovering FC Ports (BUI)

Creating FC Initiator Groups (BUI)

Associating a LUN with an FC Initiator Group (BUI)

Changing FC Port Modes (CLI)

Discovering FC Ports (CLI)

Creating FC Initiator Groups (CLI)

Associating a LUN with an FC Initiator Group (CLI)

Scripting Aliases for Initiators and Initiator Groups (CLI)

Creating an Analytics Worksheet (BUI)

Configuring SAN iSER Targets

Adding an iSCSI Target with an Auto-generated IQN (CLI)

Adding an iSCSI Target with a Specific IQN and RADIUS Authentication (CLI)

Adding an iSCSI Initiator with CHAP Authentication (CLI)

Adding an iSCSI Target Group (CLI)

Adding an iSCSI Initiator Group (CLI)

Configuring SRP Target (BUI)

Configuring SRP Targets (CLI)

Understanding SAN

SAN Fibre Channel Configuration

SAN iSCSI Configuration

SAN iSCSI Initiator Configuration

SAN SRP Configuration

SAN Terminology

Configuring Users

Adding an Administrator or User (BUI)

Adding an Administrator or User (CLI)

Changing a User Password (BUI)

Changing a User Password (CLI)

Editing Exceptions for a User (BUI)

Editing Exceptions for a User (CLI)

Deleting Exceptions for a User (BUI)

Deleting Exceptions for a User (CLI)

Adding a Role (BUI)

Adding a Role (CLI)

Editing Authorizations for a Role (BUI)

Editing Authorizations for a Role (CLI)

Deleting Authorizations from a Role (BUI)

Deleting Authorizations from a Role (CLI)

Adding a User Who Can View the Dashboard

Understanding Users and Roles

User Authorizations

Managing User Properties

Setting Appliance Preferences

Setting Preferences (BUI)

Setting Preferences (CLI)

Setting SSH Public Keys (BUI)

Setting SSH Public Keys (CLI)

Preference Properties

Configuring Alerts

Adding an Alert Action (BUI)

Adding an Alert Action (CLI)

Sending Email Alerts (CLI)

Sending an SNMP Trap (CLI)

Alert Categories

Threshold Alerts

Resuming/Suspending Analytics Datasets and Worksheets

Configuring Certificates

Creating a New Server Certificate (BUI)

Creating a New Server Certificate (CLI)

Uploading CA Certificates from Non-root CAs (BUI)

Uploading CA Certificates from Non-root CAs (CLI)

Viewing CSR and Certificate Details (BUI)

Viewing CSR and Certificate Details (CLI)

Destroying a CSR or Certificate (BUI)

Destroying a CSR or Certificate (CLI)

Setting the Appliance Certificate (BUI)

Setting the Appliance Certificate (CLI)

Uploading Trusted Certificates (BUI)

Uploading Trusted Certificates (CLI)

Viewing Trusted Certificate Details (BUI)

Viewing Trusted Certificate Details (CLI)

Destroying a Trusted Certificate (BUI)

Destroying a Trusted Certificate (CLI)

Assigning a Certificate to a Service (BUI)

Assigning a Certificate to a Service (CLI)

Appliance Services

Shares and Projects

Shadow Migration

Snapshots and Clones

Remote Replication

Data Encryption

Maintenance Workflows

Language:

Editing Authorizations for a Role (CLI)

A role is a collection of privileges that can be assigned to a user. Use the following procedure to edit authorizations for a role.

Go to configuration roles.
Type select followed by the role name.
Type authorizations.
Type create to add an authorization.
Type set scope= followed by the scope name. Use tab-completion to see the list.
Type show to see both available filters and authorizations.
Type set to set the desired authorizations to true, and set the filters (if available). Tab-completion helps show which filter settings are valid.
Type commit.
The authorization has now been added.

Example 7 Adding the Authorization to Restart the HTTP Service

This example adds the authorization to restart the HTTP service. This example also shows the output of tab-completion, which lists valid input and is useful when determining the valid scopes and filter options.

hostname:configuration roles > select webadmin
hostname:configuration roles webadmin > authorizations
hostname:configuration roles webadmin authorizations > create
hostname:configuration roles webadmin auth (uncommitted) > set scope=tab 
ad           cluster      net          schema       update       
alert        hardware     replication  stat         user         
appliance    nas          role         svc          worksheet    
hostname:configuration roles webadmin auth (uncommitted) > set scope=svc
                         scope = svc
hostname:configuration roles webadmin auth (uncommitted) > show
Properties:
                         scope = svc
                       service = *
              allow_administer = false
               allow_configure = false
                 allow_restart = false

hostname:configuration roles webadmin auth (uncommitted) > set service=tab 
*               ftp             ipmp            nis             ssh
ad              http            iscsi           ntp             tags
smb            identity        ldap            routing         vscan
datalink:igb0   idmap           ndmp            scrk            
dns             interface:igb0  nfs             snmp            
hostname:configuration roles webadmin auth (uncommitted) > set service=http
                       service = http (uncommitted)
hostname:configuration roles webadmin auth (uncommitted) > set allow_restart=true
                 allow_restart = true (uncommitted)
hostname:configuration roles webadmin auth (uncommitted) > commit
hostname:configuration roles webadmin authorizations > list
NAME       OBJECT                               PERMISSIONS
auth-000   svc.http                             restart

Related Topics

Copyright © 2009, 2017, Oracle and/or its affiliates. All rights reserved.