I know MAV can have numerous approval groups
Am I able to setup a tiered approval process?
- command 1 takes group 1
- command 2 takes group 2
Where group 1 requires 1 additional approval
group 2 requires 2 additional approvals?
#multi admin verification
kind crag
alpine flame
I think I'm understanding your question correctly - yes, MAV rules are per command, so you can make a given command require 2 approvals and default to 1 approval - https://docs.netapp.com/us-en/ontap-cli/security-multi-admin-verify-rule-create.html#description
[-required-approvers {<integer>|-}] - Required Number of Approvers
This specifies the required number of approvers to approve the ONTAP execution request. This is an optional parameter. If required-approvers is not specified for the rule, the required-approvers from the global setting is applied to the ONTAP operation request. The required-approvers from the global setting can be viewed using the security multi-admin-verify show command. The minimum supported value is 1.
[-approval-groups <text>,…] - Approval Groups
This specifies the list of users who can approve the ONTAP operation request. This is an optional parameter. If approval-groups is not specified for the rule, the approval-groups from the global setting is applied to the ONTAP operation request. The approval-groups from the global setting can be viewed using the security multi-admin-verify show command.
kind crag
Do after doing some jiggering.
I cannot for the life of me get two approval groups setup to require two separate number of approvers.
Example:
Storage with a required approver of 1 does
- command 1
- command 2
- command 3
Storage-critical with 2 additional approvers
- cataclysmic command 1
- cataclysmic command 2
- cataclysmic command 3
The moment you attempt to enable a second approval group. It overwrites the first and requires remediation