Adding a Role (CLI)

A role is a collection of authorizations that can be assigned to a user. Use this procedure to define a new role. Also see the alternative method at the end of this task, which is ideal for cloning a local role as a directory role.

  1. Go to configuration roles.
  2. Enter either local or directory, followed by the name of the role that you want to create. Role types:
    • local - Role applies to this appliance only.

    • directory - Role applies to one of two directory group types and allows logging in as an administrator:

      • LDAP - Role applies to same-named, existing LDAP directory group. For name, enter the exact same name for the LDAP directory group as configured on the LDAP server. Members of the same-named UNIX group are assigned this role and can log in as an administrator.

      • Active Directory - Role applies to same-named, existing Active Directory (AD) group. For name, enter the exact same name in the format name@domain as configured for the AD group members on the AD server. Valid members of the same-named AD group are assigned this role and can log in as an administrator.

  3. Set the description of the role.
  4. Enter commit to add the role.
  5. Select the new role.
  6. Enter authorizations.
  7. Add authorizations for this role.

    See "Scopes, Filters, and Authorizations Available for Users and Roles" in User Authorizations.

    Iterate the following steps until you have added all of the authorizations that you want this role to have:

    1. Enter create.
    2. Enter set scope= followed by the scope name. Use tab-completion to see the list.
    3. Enter show to see available filters, if any, and authorizations.
    4. If a filter is available, set the filter value.

      Use tab-completion to see the list of possible filter values.

    5. Set to true all authorizations that you want to include in this role.
    6. Enter commit.
  8. Enter done and then enter done again.
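As an added example (not part of the original documentation), the session below walks steps 1 through 8 for a local role that may administer and restart only the HTTP service. The hostname: prompts, the svc scope with its service filter, and the allow_administer, allow_configure and allow_restart authorization names are assumed here; confirm the scope, filter and authorization names available on your appliance with tab-completion and show, as the steps above describe.

```text
hostname:configuration roles> local webadmin
hostname:configuration roles webadmin (uncommitted)> set description="Web service administrator"
                         description = Web service administrator (uncommitted)
hostname:configuration roles webadmin (uncommitted)> commit
hostname:configuration roles> select webadmin
hostname:configuration roles webadmin> authorizations
hostname:configuration roles webadmin authorizations> create
hostname:configuration roles webadmin auth (uncommitted)> set scope=svc
                               scope = svc
hostname:configuration roles webadmin auth (uncommitted)> show
Properties:
                               scope = svc
                             service = *
                    allow_administer = false
                     allow_configure = false
                       allow_restart = false

hostname:configuration roles webadmin auth (uncommitted)> set service=http
                             service = http
hostname:configuration roles webadmin auth (uncommitted)> set allow_administer=true
                    allow_administer = true
hostname:configuration roles webadmin auth (uncommitted)> set allow_restart=true
                       allow_restart = true
hostname:configuration roles webadmin auth (uncommitted)> commit
hostname:configuration roles webadmin authorizations> done
hostname:configuration roles webadmin> done
hostname:configuration roles>
```

Leaving the filter at service = * would grant these authorizations over every service, so setting it to a single service keeps the role to the least privilege it needs. A directory role is created the same way, except that in step 2 you enter directory followed by the group name (in the format name@domain for an Active Directory group).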

Alternative Method

To create a new role with the same authorizations as an existing role, use the clone command. In configuration roles, enter clone existing-role-name new-role-name new-role-type. For new-role-type, enter local or directory. The new role type can differ from the existing type; for example, a local role can be cloned to a directory role. If no role type is specified, the new role has the same type as the role being cloned.