I'm trying to hide some SVMs from different admin users logging into the cluster, to avoid accidentally touching the wrong SVM. E.g., all SVMs starting with "ben" should only be visible to user ben, and all SVMs not starting with "ben" shouldn't be visible to user notben.
I started by creating a security login role with cmddir "DEFAULT" having access "none", and then, for each top-level cmddir, the query being "-vserver !ben*". At first glance, this seems to work great for the network, vserver, and volume sets of commands. But "cluster show" says "Error: show failed: not authorized for that command". Removing the query restriction on "cluster" makes it work, but leaves me feeling like I'm missing something. Changing the DEFAULT to readonly stops hiding anything.
Any tips or pointers to something I should be looking at?