Netapp role capabilities – List
Capabilities
Most of the times what will do is that, we just add role capabilities like cli-* and api-* but do you know what is the privilege level your providing to user. Always make a practice that what are the permissions required to the user you should always provide them only. see the available capabilities below.
There are five categories of capabilities:
1. login-*
2. cli-*
3. api-*
4. security-*
5. compliance-*
1) This category are used to provide user login and disable user login permissions.
The login-* category includes:
login_telnet
login-console
login-rsh
login-ssh
login_snmp
login-ndmp
login-sp
login-http-admin
2) This category will help to provide permissions to user / group to use command line interface only.
The cli-* category includes:
Basically everything you can run from the Data ONTAP CLI!
For example: cli-help includes just help cli-snapmirror* includes all Snapmirror commands
3) This category will only provide the access to GUI interface which may be FilerView / System Manager.
The api-* type includes:
All of the ONTAP API calls!
Note: These commands require login-httpadmin
For example: api-system-*
4) This category will provide more extra security layer to users / groups to reset password and advanced mode access (priv set advanced )
The security-* type includes:
security-passwd-change-others
security-priv-advanced
security-api-vfiler
security-load-lclgroups
security-complete-user-control
5) This category build extremely for inbuilt admin group
The compliance-* category:
Provides compliance capabilities to users in the “Compliance Administrators” group when issuing snaplock commands – currently, the only privilege associated in this category is:
compliance-privileged-delete
*Source the “Data ONTAP 8.1 Commands: Manual Page Reference For 7-Mode, Volume 1”.
All cli-* capabilities
cli-aggr*
cli-cf*
cli-cifs*
cli-clone*
cli-date*
cli-df*
cli-exportfs*
cli-fcadmin*
cli-fcp*
cli-halt*
cli-ifconfig*
cli-ifgrp*
cli-igroup*
cli-iscsi*
cli-lun*
cli-nfs*
cli-qtree*
cli-rdfile*
cli-reboot*
cli-sis*
cli-snapmirror*
cli-snapvault*
cli-sysconfig*
cli-sysstat*
cli-vol*
All api-* capabilities
api-aggr-add
api-aggr-check-spare-low
api-aggr-create
api-aggr-destroy
api-aggr-get-filer-info
api-aggr-get-root-name
api-aggr-list-info
api-aggr-mediascrub-list-info
api-aggr-mirror
api-aggr-modify-raid-type
api-aggr-offline
api-aggr-online
api-aggr-options-list-info
api-aggr-rename
api-aggr-restrict
api-aggr-scrub-list-info
api-aggr-scrub-resume
api-aggr-scrub-start
api-aggr-scrub-stop
api-aggr-scrub-suspend
api-aggr-set-option
api-aggr-space-list-info
api-aggr-split
api-aggr-verify-list-info
api-aggr-verify-resume
api-aggr-verify-start
api-aggr-verify-stop
api-aggr-verify-suspend
api-cf-force-takeover
api-cf-get-partner
api-cf-giveback
api-cf-service-disable
api-cf-service-enable
api-cf-status
api-cf-takeover
api-cg-commit
api-cg-delete
api-cg-start
api-cifs-branchcache-hash-stat
api-cifs-branchcache-set-key
api-cifs-homedir-path-get-for-user
api-cifs-homedir-paths-get
api-cifs-homedir-paths-set
api-cifs-list-config
api-cifs-nbalias-names-get
api-cifs-nbalias-names-set
api-cifs-session-list-iter-end
api-cifs-session-list-iter-next
api-cifs-session-list-iter-start
api-cifs-setup
api-cifs-setup-create-group-file
api-cifs-setup-create-passwd-file
api-cifs-setup-ou-list-iter-end
api-cifs-setup-ou-list-iter-next
api-cifs-setup-ou-list-iter-start
api-cifs-setup-site-list-iter-end
api-cifs-setup-site-list-iter-next
api-cifs-setup-site-list-iter-start
api-cifs-setup-verify-name
api-cifs-setup-verify-passwd-and-group
api-cifs-share-ace-delete
api-cifs-share-ace-set
api-cifs-share-acl-list-iter-end
api-cifs-share-acl-list-iter-next
api-cifs-share-acl-list-iter-start
api-cifs-share-add
api-cifs-share-change
api-cifs-share-delete
api-cifs-share-list-iter-end
api-cifs-share-list-iter-next
api-cifs-share-list-iter-start
api-cifs-start
api-cifs-status
api-cifs-stop
api-cifs-top-iter-end
api-cifs-top-iter-next
api-cifs-top-iter-start
api-clock-get-clock
api-clock-get-timezone
api-clock-set-clock
api-clock-set-timezone
api-clone-clear
api-clone-list-status
api-clone-start
api-clone-stop
api-copyoffload-copy-abort
api-copyoffload-copy-start
api-copyoffload-copy-status
api-copyoffload-modify
api-copyoffload-show
api-disk-fail
api-disk-list-info
api-disk-remove
api-disk-replace-start
api-disk-replace-stop
api-disk-sanown-assign
api-disk-sanown-filer-list-info
api-disk-sanown-list-info
api-disk-sanown-reassign
api-disk-sanown-remove-ownership
api-disk-unfail
api-disk-update-disk-fw
api-disk-zero-spares
api-ems-autosupport-log
api-fc-config-adapter-disable
api-fc-config-adapter-enable
api-fc-config-list-iter-end
api-fc-config-list-iter-next
api-fc-config-list-iter-start
api-fc-config-set-adapter-fc-type
api-fcp-adapter-clear-partner
api-fcp-adapter-config-down
api-fcp-adapter-config-media-type
api-fcp-adapter-config-up
api-fcp-adapter-initiators-list-info
api-fcp-adapter-list-info
api-fcp-adapter-reset-stats
api-fcp-adapter-set-partner
api-fcp-adapter-set-speed
api-fcp-adapter-stats-list-info
api-fcp-get-cfmode
api-fcp-node-get-name
api-fcp-node-set-name
api-fcp-ping
api-fcp-ping-info
api-fcp-port-name-list-info
api-fcp-port-name-set
api-fcp-port-name-swap
api-fcp-service-start
api-fcp-service-status
api-fcp-service-stop
api-fcp-set-cfmode
api-fcp-wwpnalias-get-alias-info
api-fcp-wwpnalias-remove
api-fcp-wwpnalias-set
api-feature-status-list-info
api-file-create-directory
api-file-create-symlink
api-file-delete-directory
api-file-delete-file
api-file-get-file-info
api-file-get-fingerprint
api-file-list-directory-iter-end
api-file-list-directory-iter-next
api-file-list-directory-iter-start
api-file-read-file
api-file-read-symlink
api-file-rename-directory
api-file-set-snaplock-retention-time
api-file-snaplock-retention-time-list-info
api-file-truncate-file
api-file-write-file
api-flash-device-list-info
api-flash-get-thresholds
api-fpolicy-create-policy
api-fpolicy-destroy-policy
api-fpolicy-disable
api-fpolicy-disable-policy
api-fpolicy-enable
api-fpolicy-enable-policy
api-fpolicy-extensions
api-fpolicy-extensions-list-info
api-fpolicy-get-policy-options
api-fpolicy-get-secondary-servers-info
api-fpolicy-list-info
api-fpolicy-operations-list-set
api-fpolicy-server-list-info
api-fpolicy-server-stop
api-fpolicy-set-policy-options
api-fpolicy-set-secondary-servers
api-fpolicy-status
api-fpolicy-volume-list-info
api-fpolicy-volume-list-set
api-igroup-add
api-igroup-bind-portset
api-igroup-create
api-igroup-destroy
api-igroup-list-info
api-igroup-lookup-lun
api-igroup-remove
api-igroup-rename
api-igroup-set-attribute
api-igroup-unbind-portset
api-iscsi-auth-generate-chap-password
api-iscsi-connection-list-info
api-iscsi-initiator-add-auth
api-iscsi-initiator-auth-list-info
api-iscsi-initiator-delete-auth
api-iscsi-initiator-get-auth
api-iscsi-initiator-get-default-auth
api-iscsi-initiator-list-info
api-iscsi-initiator-modify-chap-params
api-iscsi-initiator-set-default-auth
api-iscsi-interface-disable
api-iscsi-interface-enable
api-iscsi-interface-list-info
api-iscsi-isns-config
api-iscsi-isns-get-info
api-iscsi-isns-start
api-iscsi-isns-stop
api-iscsi-isns-update
api-iscsi-node-get-name
api-iscsi-node-set-name
api-iscsi-portal-list-info
api-iscsi-reset-stats
api-iscsi-service-start
api-iscsi-service-status
api-iscsi-service-stop
api-iscsi-session-list-info
api-iscsi-stats-list-info
api-iscsi-target-alias-clear-alias
api-iscsi-target-alias-get-alias
api-iscsi-target-alias-set-alias
api-iscsi-tpgroup-alua-set
api-iscsi-tpgroup-create
api-iscsi-tpgroup-destroy
api-iscsi-tpgroup-interface-add
api-iscsi-tpgroup-interface-delete
api-iscsi-tpgroup-list-info
api-license-add
api-license-delete
api-license-list-info
api-license-v2-add
api-lock-status-iter-end
api-lock-status-iter-next
api-lock-status-iter-start
api-lun-clear-persistent-reservation-info
api-lun-clone-list-info
api-lun-clone-split-start
api-lun-clone-split-status-list-info
api-lun-clone-split-stop
api-lun-config-check-cfmode-info
api-lun-config-check-info
api-lun-config-check-single-image-info
api-lun-create-by-size
api-lun-create-clone
api-lun-create-from-file
api-lun-create-from-snapshot
api-lun-destroy
api-lun-get-attribute
api-lun-get-comment
api-lun-get-geometry
api-lun-get-inquiry-info
api-lun-get-maxsize
api-lun-get-minsize
api-lun-get-occupied-size
api-lun-get-persistent-reservation-info
api-lun-get-select-attribute
api-lun-get-serial-number
api-lun-get-space-reservation-info
api-lun-get-target-device-id
api-lun-has-scsi-reservations
api-lun-initiator-list-map-info
api-lun-initiator-logged-in
api-lun-list-info
api-lun-map
api-lun-map-list-info
api-lun-move
api-lun-offline
api-lun-online
api-lun-port-has-scsi-reservations
api-lun-reset-stats
api-lun-resize
api-lun-restore-status
api-lun-set-attribute
api-lun-set-comment
api-lun-set-device-id
api-lun-set-select-attribute
api-lun-set-serial-number
api-lun-set-share
api-lun-set-space-reservation-info
api-lun-snap-usage-list-info
api-lun-stats-list-info
api-lun-unmap
api-lun-unset-device-id
api-nameservice-map-gid-to-group-name
api-nameservice-map-group-name-to-gid
api-nameservice-map-sid-to-uid
api-nameservice-map-uid-to-user-name
api-nameservice-map-unix-to-windows
api-nameservice-map-user-name-to-uid
api-nameservice-map-windows-to-unix
api-net-config-get-active
api-net-config-get-persistent
api-net-config-set-persistent
api-net-dcb-list-info
api-net-dcb-priority-list-info
api-net-ifconfig-get
api-net-ifconfig-set
api-net-ipspace-assign
api-net-ipspace-create
api-net-ipspace-destroy
api-net-ipspace-list
api-net-ping
api-net-ping-info
api-net-resolve
api-net-route-add
api-net-route-delete
api-net-vlan-create
api-net-vlan-delete
api-nfs-disable
api-nfs-enable
api-nfs-exportfs-append-rules-2
api-nfs-exportfs-check-permission
api-nfs-exportfs-delete-rules
api-nfs-exportfs-fence-disable
api-nfs-exportfs-fence-enable
api-nfs-exportfs-flush-cache
api-nfs-exportfs-list-rules-2
api-nfs-exportfs-load-exports
api-nfs-exportfs-modify-rule-2
api-nfs-exportfs-storage-path
api-nfs-get-supported-sec-flavors
api-nfs-monitor-add
api-nfs-monitor-list
api-nfs-monitor-reclaim
api-nfs-monitor-remove
api-nfs-monitor-remove-locks
api-nfs-stats-get-client-stats
api-nfs-stats-top-clients-list-iter-end
api-nfs-stats-top-clients-list-iter-next
api-nfs-stats-top-clients-list-iter-start
api-nfs-stats-zero-stats
api-nfs-status
api-options-get
api-options-list-info
api-options-set
api-perf-object-counter-list-info
api-perf-object-get-instances
api-perf-object-get-instances-iter-end
api-perf-object-get-instances-iter-next
api-perf-object-get-instances-iter-start
api-perf-object-instance-list-info-iter-end
api-perf-object-instance-list-info-iter-next
api-perf-object-instance-list-info-iter-start
api-perf-object-list-info
api-portset-add
api-portset-create
api-portset-destroy
api-portset-list-info
api-portset-remove
api-priority-disable
api-priority-enable
api-priority-list-info
api-priority-list-info-default
api-priority-list-info-volume
api-priority-set
api-priority-set-default
api-priority-set-volume
api-qtree-create
api-qtree-delete
api-qtree-list
api-qtree-list-iter-end
api-qtree-list-iter-next
api-qtree-list-iter-start
api-qtree-rename
api-quota-add-entry
api-quota-delete-entry
api-quota-get-entry
api-quota-list-entries-iter-end
api-quota-list-entries-iter-next
api-quota-list-entries-iter-start
api-quota-off
api-quota-on
api-quota-report-iter-end
api-quota-report-iter-next
api-quota-report-iter-start
api-quota-resize
api-quota-set-entry
api-quota-status
api-radius-reset-stats
api-radius-server-add
api-radius-server-remove
api-radius-service-start
api-radius-service-status
api-radius-service-stop
api-radius-show-info
api-radius-stats-list-info
api-reallocate-delete-schedule
api-reallocate-list-info
api-reallocate-measure
api-reallocate-off
api-reallocate-on
api-reallocate-quiesce
api-reallocate-restart
api-reallocate-set-schedule
api-reallocate-start
api-reallocate-stop
api-rsh-get-stats
api-rsh-kill
api-sis-disable
api-sis-enable
api-sis-set-config
api-sis-start
api-sis-status
api-sis-stop
api-snaplock-get-compliance-clock
api-snaplock-get-log-volume
api-snaplock-get-options
api-snaplock-get-system-compliance-clock
api-snaplock-get-volume-compliance-clock
api-snaplock-log-archive
api-snaplock-log-status-list-info
api-snaplock-privileged-delete-file
api-snaplock-set-log-volume
api-snaplock-set-options
api-snaplock-set-system-compliance-clock
api-snapmirror-abort
api-snapmirror-break
api-snapmirror-delete-connection
api-snapmirror-delete-schedule
api-snapmirror-delete-sync-schedule
api-snapmirror-get-status
api-snapmirror-get-volume-status
api-snapmirror-initialize
api-snapmirror-list-connections
api-snapmirror-list-destinations
api-snapmirror-list-schedule
api-snapmirror-list-sync-schedule
api-snapmirror-off
api-snapmirror-on
api-snapmirror-quiesce
api-snapmirror-release
api-snapmirror-resume
api-snapmirror-resync
api-snapmirror-set-connection
api-snapmirror-set-schedule
api-snapmirror-set-sync-schedule
api-snapmirror-throttle
api-snapmirror-update
api-snapshot-autodelete-list-info
api-snapshot-autodelete-set-option
api-snapshot-create
api-snapshot-delete
api-snapshot-delta-info
api-snapshot-get-reserve
api-snapshot-get-schedule
api-snapshot-list-info
api-snapshot-multicreate
api-snapshot-multicreate-validate
api-snapshot-reclaimable-info
api-snapshot-rename
api-snapshot-restore-file
api-snapshot-restore-file-info
api-snapshot-restore-volume
api-snapshot-set-reserve
api-snapshot-set-schedule
api-snapshot-volume-info
api-snapvault-add-softlock
api-snapvault-get-all-softlocked-snapshots
api-snapvault-get-softlocks
api-snapvault-primary-abort-snapshot-create
api-snapvault-primary-abort-transfer
api-snapvault-primary-delete-snapshot-schedule
api-snapvault-primary-destinations-list-info
api-snapvault-primary-get-relationship-status
api-snapvault-primary-initiate-incremental-restore-transfer
api-snapvault-primary-initiate-restore-transfer
api-snapvault-primary-initiate-snapshot-create
api-snapvault-primary-relationship-status-list-iter-end
api-snapvault-primary-relationship-status-list-iter-next
api-snapvault-primary-relationship-status-list-iter-start
api-snapvault-primary-release-relationship
api-snapvault-primary-set-snapshot-schedule
api-snapvault-primary-snapshot-schedule-list-info
api-snapvault-primary-snapshot-schedule-status-list-info
api-snapvault-remove-softlock
api-snapvault-secondary-abort-snapshot-create
api-snapvault-secondary-abort-transfer
api-snapvault-secondary-configuration-list-info
api-snapvault-secondary-create-relationship
api-snapvault-secondary-delete-relationship
api-snapvault-secondary-delete-snapshot-schedule
api-snapvault-secondary-destinations-list-info
api-snapvault-secondary-get-configuration
api-snapvault-secondary-get-relationship-status
api-snapvault-secondary-initiate-incremental-transfer
api-snapvault-secondary-initiate-snapshot-create
api-snapvault-secondary-modify-configuration
api-snapvault-secondary-relationship-status-list-iter-end
api-snapvault-secondary-relationship-status-list-iter-next
api-snapvault-secondary-relationship-status-list-iter-start
api-snapvault-secondary-release-relationship
api-snapvault-secondary-resync-relationship
api-snapvault-secondary-set-snapshot-schedule
api-snapvault-secondary-snapshot-schedule-list-info
api-snapvault-secondary-snapshot-schedule-status-list-info
api-snmp-community-add
api-snmp-community-delete
api-snmp-community-delete-all
api-snmp-disable
api-snmp-enable
api-snmp-get
api-snmp-get-next
api-snmp-status
api-snmp-trap-disable
api-snmp-trap-enable
api-snmp-traphost-add
api-snmp-traphost-delete
api-storage-adapter-enable-adapter
api-storage-adapter-get-adapter-info
api-storage-adapter-get-adapter-list
api-storage-shelf-environment-list-info
api-storage-shelf-list-info
api-storage-shelf-set-led-state
api-storage-shelf-update-fw
api-system-api-list
api-system-available-replication-transfers
api-system-cli
api-system-get-info
api-system-get-ontapi-version
api-system-get-vendor-info
api-system-get-version
api-useradmin-domainuser-add
api-useradmin-domainuser-delete
api-useradmin-domainuser-list
api-useradmin-group-add
api-useradmin-group-delete
api-useradmin-group-list
api-useradmin-group-modify
api-useradmin-role-add
api-useradmin-role-delete
api-useradmin-role-list
api-useradmin-role-modify
api-useradmin-user-add
api-useradmin-user-delete
api-useradmin-user-list
api-useradmin-user-modify
api-useradmin-user-modify-password
api-vfiler-add-ipaddress
api-vfiler-add-storage
api-vfiler-allow-protocol
api-vfiler-create
api-vfiler-destroy
api-vfiler-disallow-protocol
api-vfiler-dr-activate
api-vfiler-dr-configure
api-vfiler-dr-delete
api-vfiler-dr-get-status
api-vfiler-dr-resync
api-vfiler-get-allowed-protocols
api-vfiler-get-disallowed-protocols
api-vfiler-get-status
api-vfiler-list-info
api-vfiler-migrate-cancel
api-vfiler-migrate-complete
api-vfiler-migrate-start
api-vfiler-migrate-status
api-vfiler-remove-ipaddress
api-vfiler-remove-storage
api-vfiler-setup
api-vfiler-start
api-vfiler-stop
api-volume-autosize-get
api-volume-autosize-set
api-volume-charmap-get
api-volume-charmap-set
api-volume-clone-create
api-volume-clone-split-estimate
api-volume-clone-split-start
api-volume-clone-split-status
api-volume-clone-split-stop
api-volume-container
api-volume-create
api-volume-destroy
api-volume-footprint-list-info-iter-end
api-volume-footprint-list-info-iter-next
api-volume-footprint-list-info-iter-start
api-volume-get-language
api-volume-list-info
api-volume-list-info-iter-end
api-volume-list-info-iter-next
api-volume-list-info-iter-start
api-volume-move-abort
api-volume-move-cutover
api-volume-move-pause
api-volume-move-resume
api-volume-move-start
api-volume-move-status
api-volume-offline
api-volume-online
api-volume-options-list-info
api-volume-rename
api-volume-restrict
api-volume-set-language
api-volume-set-option
api-volume-set-total-files
api-volume-size
api-volume-space-list-info-iter-end
api-volume-space-list-info-iter-next
api-volume-space-list-info-iter-start
api-wafl-sync
Thanks for reading the post.
Related Post
Thanks for Your Wonderful Support and Encouragement
More than 40,000 techies are part of our ARKIT community. Join us today and keep learning Linux, Cloud, Storage, DevOps, and IT technologies.
