#netapp.ontap.na_ontap_user_roles for multiple different rights

1 messages · Page 1 of 1 (latest)

green silo
#

Hello together, I am currently trying to build one user role with multiple permissions. To do that I use the na_ontap_user_role module multiple times in a row. This however replaces the user role multiple times, so only the last permissions are granted. Is there a way to only add permissions or grant multiple at once for ZAPI?

fleet pike
#

ZAPI and REST role creation differs very much. Using loops should work fine with ZAPI. Just ensure the module uses ZAPI. Here is an example with nested loops:

`vars:
ontap_roles:
- name: operator
role_access:
- cmd: DEFAULT
access: readonly
- cmd: "network interface migrate"
access: all
- cmd: "network interface modify"
access: all
- cmd: "network interface revert"
access: all
- name: monitoring-role
role_access:
- cmd: DEFAULT
access: readonly
- cmd: "network fcp adapter show"
access: readonly
- cmd: "network interface show"
access: readonly
- cmd: "network port show"

tasks:

  • name: Create User Roles via ZAPI
    na_ontap_user_role:
    state: present
    vserver: "{{ inventory_hostname_short }}"
    name: "{{ item.0.name }}"
    command_directory_name: "{{ item.1.cmd }}"
    access_level: "{{ item.1.access }}"
    <<: *login
    use_rest: never
    loop: "{{ ontap_roles | subelements('role_access') }}"
    loop_control:
    label: "Role: {{ item.0.name }}; Command: {{ item.1.cmd }}; Access: {{ item.1.access }}"`
green silo
#

This works perfectly, thank you very much!

bleak galleon
#

Thanks for the example code, in my case I need to use rest and I'm not able to advance in this task, is there any example code?