APIs in Category: Rbac
API version 4.0

 
RbacAccessCheck
RbacAdminListInfoIterEnd
RbacAdminListInfoIterNext
RbacAdminListInfoIterStart
RbacAdminRoleAdd
RbacAdminRoleInfoList
RbacAdminRoleRemove
RbacOperationAdd
RbacOperationDelete
RbacOperationInfoList
RbacRoleAdd
RbacRoleAdminInfoList
RbacRoleCapabilityAdd
RbacRoleCapabilityRemove
RbacRoleDelete
RbacRoleDisinherit
RbacRoleInfoList
RbacRoleInherit
RbacRoleModify
This set of APIs can be used to manage an RBAC infrastructure as well as to make applications RBAC aware. Applications can become a Policy Enforcement Point (PEP) by utilizing these APIs. There are interfaces for populating as well as administering RBAC data. The data lives in the DFM database. Applications can add access control to resources by calling RbacAccessCheck (defined below). By making this call, they effectively become RBAC aware. Some APIs depend on a resource. The specifics of a resource are defined by the ResourceIdentifier definition.

NetApp Manage ONTAP API version 4.0
 
RbacAccessCheck (supported) [top]

Checks whether the given admin or usergroup has access to the specified resource. For example, RbacAccessCheck will return "allow" or "deny" on the following query: Is admin joe allowed to configure storage system host1.abc.xyz.com from DFM? One could pass the following as input to answer this question: admin=joe operation=DFM.Event.Read resource=host1.abc.xyz.com. To prevent an admin from querying everyone's privileges on the system, the system only allows admins to check their own access, cross-referencing the request with how they authenticated to the API server. If the admin has Full Control, or has the privilege to query other admins' access, then they are allowed to make the query. Per software security best practice, this API limits error reporting when access is denied on a particular resource.
Input Name Type
RbacAccessCheck RbacAccessCheck
 
Output Name Type
RbacAccessCheckResult RbacAccessCheckResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR

 
RbacAdminListInfoIterEnd (supported) [top]
Ends listing of admins.
Input Name Type
RbacAdminListInfoIterEnd RbacAdminListInfoIterEnd
 
Output Name Type
RbacAdminListInfoIterEndResult RbacAdminListInfoIterEndResult
 Error Name  Description
 EINVALIDTAG

 
RbacAdminListInfoIterNext (supported) [top]
Returns items from the list generated by RbacAdminListInfoIterStart.
Input Name Type
RbacAdminListInfoIterNext RbacAdminListInfoIterNext
 
Output Name Type
RbacAdminListInfoIterNextResult RbacAdminListInfoIterNextResult
 Error Name  Description
 EINVALIDTAG

 
RbacAdminListInfoIterStart (supported) [top]
Lists all the administrators and their attributes.
Input Name Type
RbacAdminListInfoIterStart RbacAdminListInfoIterStart
 
Output Name Type
RbacAdminListInfoIterStartResult RbacAdminListInfoIterStartResult
 Error Name  Description
 EDATABASEERROR
 EOBJECTAMBIGUOUS
 EOBJECTNOTFOUND

 
RbacAdminRoleAdd (supported) [top]
Assign an existing role to an existing administrator or usergroup. The administrator effectively gains the capabilities from the role and its inherited roles. As for a usergroup, all members of the usergroup will gain the capabilities assigned to that role and its inherited roles.
Input Name Type
RbacAdminRoleAdd RbacAdminRoleAdd
 
Output Name Type
RbacAdminRoleAddResult RbacAdminRoleAddResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTFOUNDROLE
 ENOTFOUNDUSER
 EROLEASSIGNED

 
RbacAdminRoleInfoList (supported) [top]
List the administrators or usergroups assigned to an existing role directly or indirectly. In essence, this API lists the admins or usergroups that have the capabilities of the given role. This API drills into all the possible ways that an admin or usergroup can effectively have the given role. Admins or usergroups are assigned roles indirectly via role inheritance or usergroup assignment (note: a usergroup can be a member of another usergroup). So an admin or usergroup will be listed if any of the following conditions apply:
1. The given role is directly assigned to the admin or usergroup.
2. The admin or usergroup has a role directly assigned that inherits the given role.
3. The admin or usergroup gains the given role via usergroup membership.
Input Name Type
RbacAdminRoleInfoList RbacAdminRoleInfoList
 
Output Name Type
RbacAdminRoleInfoListResult RbacAdminRoleInfoListResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTASSIGNEDROLE

 
RbacAdminRoleRemove (supported) [top]
Remove one or more roles from an administrator or usergroup. The admin will no longer have the capabilities gained from the role(s) and its inherited roles. As for a usergroup, the members of the usergroup will no longer have the capabilities gained from the role(s) and its inherited roles. If DeleteAll is not specified or is FALSE, then RoleNameOrId must be specified. If DeleteAll is TRUE, then all roles assigned to the admin will be removed.
Input Name Type
RbacAdminRoleRemove RbacAdminRoleRemove
 
Output Name Type
RbacAdminRoleRemoveResult RbacAdminRoleRemoveResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTFOUNDROLE
 ENOTFOUNDUSER

 
RbacOperationAdd (supported) [top]
Add a new operation to the RBAC system. An operation is an ability to perform an action on a particular resource type. An operation is tied to a specific application so that different applications are able to manage access control that is specific to them.
Input Name Type
RbacOperationAdd RbacOperationAdd
 
Output Name Type
RbacOperationAddResult RbacOperationAddResult
 Error Name  Description
 EDUPOPERATION
 EINTERNALERROR
 EINVALIDAPPLICATIONNAME
 EINVALIDINPUTERROR
 EINVALIDLONGDESC
 EINVALIDOPERATIONNAME
 EINVALIDRESOURCETYPE
 EINVALIDSHORTDESC

 
RbacOperationDelete (supported) [top]
Delete an existing operation.
Input Name Type
RbacOperationDelete RbacOperationDelete
 
Output Name Type
RbacOperationDeleteResult RbacOperationDeleteResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTFOUNDOPERATION
 EOPERATIONISPERMANENT

 
RbacOperationInfoList (supported) [top]
Get information about an existing operation or all operations in the system.
Input Name Type
RbacOperationInfoList RbacOperationInfoList
 
Output Name Type
RbacOperationInfoListResult RbacOperationInfoListResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTFOUNDOPERATION

 
RbacRoleAdd (supported) [top]
Add a new role to the RBAC system.
Input Name Type
RbacRoleAdd RbacRoleAdd
 
Output Name Type
RbacRoleAddResult RbacRoleAddResult
 Error Name  Description
 EDUPLICATEROLE
 EINTERNALERROR
 EINVALIDDESCRIPTION
 EINVALIDINPUTERROR
 EINVALIDROLENAME
 ENOTFOUNDROLE

 
RbacRoleAdminInfoList (supported) [top]
List the roles assigned to an existing administrator or usergroup. A role is considered assigned to the administrator if that role is gained directly or indirectly via role inheritance or usergroup membership.
Input Name Type
RbacRoleAdminInfoList RbacRoleAdminInfoList
 
Output Name Type
RbacRoleAdminInfoListResult RbacRoleAdminInfoListResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTFOUNDUSER

 
RbacRoleCapabilityAdd (supported) [top]
Add an existing resource/operation pair to a role. In essence, this adds a capability to a role.
Input Name Type
RbacRoleCapabilityAdd RbacRoleCapabilityAdd
 
Output Name Type
RbacRoleCapabilityAddResult RbacRoleCapabilityAddResult
 Error Name  Description
 EDUPCAPABILITY
 EINTERNALERROR
 EINVALIDINPUTERROR
 EINVALIDRESOURCE
 ENOTFOUNDOPERATION
 ENOTFOUNDROLE
 EROLEISPERMANENT

 
RbacRoleCapabilityRemove (supported) [top]
Remove one or more capabilities (resource/operation pairs) from an existing role. If DeleteAll is TRUE, it removes all capabilities from the given role. Otherwise, it removes only the given capability (resource/operation pair). If DeleteAll is not specified or is FALSE, then Operation and Resource must be specified.
Input Name Type
RbacRoleCapabilityRemove RbacRoleCapabilityRemove
 
Output Name Type
RbacRoleCapabilityRemoveResult RbacRoleCapabilityRemoveResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTASSIGNEDCAPABILITY
 ENOTFOUNDOPERATION
 ENOTFOUNDROLE
 EROLEISPERMANENT

 
RbacRoleDelete (supported) [top]
Delete an existing role from the RBAC system.
Input Name Type
RbacRoleDelete RbacRoleDelete
 
Output Name Type
RbacRoleDeleteResult RbacRoleDeleteResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTFOUNDROLE
 EROLEISPERMANENT

 
RbacRoleDisinherit (supported) [top]
Disinherit one or more roles. The effect is that the affected role will no longer have the capabilities gained from the disinherited role(s). If DisinheritAll is not specified or is FALSE, then DisinheritedRoleNameOrId must be specified.
Input Name Type
RbacRoleDisinherit RbacRoleDisinherit
 
Output Name Type
RbacRoleDisinheritResult RbacRoleDisinheritResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTFOUNDROLE
 ENOTINHERITEDROLE
 EROLEISPERMANENT

 
RbacRoleInfoList (supported) [top]
Get the operations, capabilities and inherited roles that one or more roles have.
Input Name Type
RbacRoleInfoList RbacRoleInfoList
 
Output Name Type
RbacRoleInfoListResult RbacRoleInfoListResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTFOUNDROLE

 
RbacRoleInherit (supported) [top]
Inherit from a role. The effect is that the affected role will gain the capabilities from the inherited role.
Input Name Type
RbacRoleInherit RbacRoleInherit
 
Output Name Type
RbacRoleInheritResult RbacRoleInheritResult
 Error Name  Description
 EDUPLICATEROLEREF
 EINTERNALERROR
 EINVALIDINPUTERROR
 ENOTFOUNDROLE
 EROLEISPERMANENT

 
RbacRoleModify (supported) [top]
Modify an existing role name and/or its description.
Input Name Type
RbacRoleModify RbacRoleModify
 
Output Name Type
RbacRoleModifyResult RbacRoleModifyResult
 Error Name  Description
 EINTERNALERROR
 EINVALIDDESCRIPTION
 EINVALIDINPUTERROR
 EINVALIDROLENAME
 ENOTFOUNDROLE
 EROLEISPERMANENT

 
Element definition: RbacAccessCheck [top]
Checks whether the given admin or usergroup has access to the specified resource. For example, RbacAccessCheck will return "allow" or "deny" on the following query: Is admin joe allowed to configure storage system host1.abc.xyz.com from DFM? One could pass the following as input to answer this question: admin=joe operation=DFM.Event.Read resource=host1.abc.xyz.com. To prevent an admin from querying everyone's privileges on the system, the system only allows admins to check their own access, cross-referencing the request with how they authenticated to the API server. If the admin has Full Control, or has the privilege to query other admins' access, then they are allowed to make the query. Per software security best practice, this API limits error reporting when access is denied on a particular resource.
Name Type Description
AdminNameOrId xsd:string
The name or object Id of the admin or usergroup whose access is to be checked.
Operation xsd:string
The operation requested on the given resource.
Resource WrapperOfResourceIdentifier
The specific resource to check access on.

 
Element definition: RbacAccessCheckResult [top]
Name Type Description
GlobalUsergroupStatus xsd:string
If roles assigned to global usergroup accounts were considered, but it was not possible to get global group account information from the system, then GlobalUsergroupStatus will contain the reason why it was not possible to get global group account information from the system. An empty value in this field means that roles assigned to global usergroup accounts were considered and it was possible to obtain this information from the system.
LocalUsergroupStatus xsd:string
If roles assigned to local usergroup accounts were considered, but it was not possible to get local group account information from the system, then LocalUsergroupStatus will contain the reason why it was not possible to get local group account information from the system. An empty value in this field means that roles assigned to local usergroup accounts were considered and it was possible to obtain this information from the system.
Result xsd:string
Result of whether or not the given admin or usergroup is allowed to perform the specified action on the given resource. In essence, it answers whether the given admin or usergroup can perform the specified operation on the given resource. Possible values: "allow" for access allowed and "deny" for access denied.

 
Element definition: RbacAdminListInfoIterEnd [top]
Ends listing of admins.
Name Type Description
Tag xsd:string
Tag returned from rbac-admin-list-iter-start.

 
Element definition: RbacAdminListInfoIterEndResult [top]
[none]

 
Element definition: RbacAdminListInfoIterNext [top]
Returns items from the list generated by RbacAdminListInfoIterStart.
Name Type Description
Maximum xsd:integer
The maximum number of entries to retrieve.
Tag xsd:string
The tag returned in the rbac-admin-list-iter-start call.

 
Element definition: RbacAdminListInfoIterNextResult [top]
Name Type Description
Admins ArrayOfAdminInfo
The list returned includes the Id and name of each administrator and their email/pager addresses.
Records xsd:integer
The number of records actually returned. Range: [0..2^31-1].

 
Element definition: RbacAdminListInfoIterStart [top]
Lists all the administrators and their attributes.
Name Type Description
AdminNameOrId xsd:string
optional
The admin or usergroup Name or Id whose details are necessary.

 
Element definition: RbacAdminListInfoIterStartResult [top]
Name Type Description
Records xsd:integer
Number indicating how many items are available for future retrieval with RbacAdminListInfoIterNext.
Tag xsd:string
Tag to be used in subsequent calls to RbacAdminListInfoIterNext or RbacAdminListInfoIterEnd.

 
Element definition: RbacAdminRoleAdd [top]
Assign an existing role to an existing administrator or usergroup. The administrator effectively gains the capabilities from the role and its inherited roles. As for a usergroup, all members of the usergroup will gain the capabilities assigned to that role and its inherited roles.
Name Type Description
AdminNameOrId xsd:string
The name or object Id of the admin or usergroup to add the role to.
RoleNameOrId xsd:string
The name or object Id of the role to add to an administrator or usergroup.

 
Element definition: RbacAdminRoleAddResult [top]
Name Type Description
AdminNameOrId WrapperOfRbacAdminNameOrId
The name of the new admin or usergroup or the object Id of the new admin or usergroup.

 
Element definition: RbacAdminRoleInfoList [top]
List the administrators or usergroups assigned to an existing role directly or indirectly. In essence, this API lists the admins or usergroups that have the capabilities of the given role. This API drills into all the possible ways that an admin or usergroup can effectively have the given role. Admins or usergroups are assigned roles indirectly via role inheritance or usergroup assignment (note: a usergroup can be a member of another usergroup). So an admin or usergroup will be listed if any of the following conditions apply:
1. The given role is directly assigned to the admin or usergroup.
2. The admin or usergroup has a role directly assigned that inherits the given role.
3. The admin or usergroup gains the given role via usergroup membership.
Name Type Description
RoleNameOrId xsd:string
A role name or object Id of a role.
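
The three listing conditions above, and the "allow"/"deny" answer that RbacAccessCheck derives from the same data, can be modelled offline. This is an added example, not NetApp code, and it does not call the Manage ONTAP API: the class, its method names, the role names (EventViewer, Operator, Auditor) and the admins other than joe are all hypothetical, and the sample data is constructed.

```python
from collections import defaultdict


class RbacModel:
    """In-memory stand-in for the RBAC data (hypothetical; not DFM code)."""

    def __init__(self):
        self.assigned = defaultdict(set)      # admin/usergroup -> roles assigned directly
        self.member_of = defaultdict(set)     # admin/usergroup -> usergroups it belongs to
        self.inherits = defaultdict(set)      # role -> roles it inherits from
        self.capabilities = defaultdict(set)  # role -> {(operation, resource)}

    @staticmethod
    def _reachable(start, edges):
        """Every node reachable from the start nodes, start nodes included.
        The seen-set keeps the walk finite even if the data contains a cycle."""
        seen, stack = set(), list(start)
        while stack:
            node = stack.pop()
            if node not in seen:
                seen.add(node)
                stack.extend(edges.get(node, ()))
        return seen

    def why(self, principal, role):
        """Which of the three listing conditions give `principal` the `role`."""
        reasons = set()
        direct = self.assigned.get(principal, set())
        if role in direct:                                   # condition 1
            reasons.add("direct")
        if any(role in self._reachable(self.inherits.get(r, ()), self.inherits)
               for r in direct):                             # condition 2
            reasons.add("inherited")
        # Condition 3: usergroups can nest, so follow membership transitively.
        groups = self._reachable(self.member_of.get(principal, ()), self.member_of)
        group_roles = set().union(*(self.assigned.get(g, set()) for g in groups))
        if role in self._reachable(group_roles, self.inherits):
            reasons.add("usergroup")
        return reasons

    def principals_with_role(self, role):
        """Admins and usergroups that effectively hold `role`, sorted by name."""
        known = set(self.assigned) | set(self.member_of)
        return sorted(p for p in known if self.why(p, role))

    def effective_roles(self, principal):
        holders = self._reachable([principal], self.member_of)
        direct = set().union(*(self.assigned.get(h, set()) for h in holders))
        return self._reachable(direct, self.inherits)

    def access_check(self, principal, operation, resource):
        """Return "allow" or "deny", the two result values the page documents."""
        for role in self.effective_roles(principal):
            if (operation, resource) in self.capabilities.get(role, ()):
                return "allow"
        return "deny"


def build_sample():
    """Constructed sample data; only joe, the operation and the host come from the page."""
    m = RbacModel()
    m.capabilities["EventViewer"].add(("DFM.Event.Read", "host1.abc.xyz.com"))
    m.inherits["Operator"].add("EventViewer")    # Operator inherits EventViewer
    m.assigned["joe"].add("Operator")            # joe: EventViewer via inheritance
    m.assigned["ABC\\staff"].add("EventViewer")  # usergroup holds the role directly
    m.member_of["ABC\\eng"].add("ABC\\staff")    # nested usergroup
    m.member_of["ann"].add("ABC\\eng")           # ann: EventViewer via membership
    m.assigned["bob"].add("Auditor")             # role with no capabilities
    return m


if __name__ == "__main__":
    model = build_sample()
    for name in model.principals_with_role("EventViewer"):
        print(name, sorted(model.why(name, "EventViewer")))
    print(model.access_check("joe", "DFM.Event.Read", "host1.abc.xyz.com"))
    print(model.access_check("bob", "DFM.Event.Read", "host1.abc.xyz.com"))
```

When auditing who holds a sensitive role, the indirect paths (conditions 2 and 3) are the ones a review of direct assignments alone will miss.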

 
Element definition: RbacAdminRoleInfoListResult [top]
Name Type Description
AdminList ArrayOfRbacAdminOrUsergroup
List of admins and usergroups assigned to the given role.

 
Element definition: RbacAdminRoleRemove [top]
Remove one or more roles from an administrator or usergroup. The admin will no longer have the capabilities gained from the role(s) and its inherited roles. As for a usergroup, the members of the usergroup will no longer have the capabilities gained from the role(s) and its inherited roles. If DeleteAll is not specified or is FALSE, then RoleNameOrId must be specified. If DeleteAll is TRUE, then all roles assigned to the admin will be removed.
Name Type Description
AdminNameOrId xsd:string
The name or object Id of the admin or usergroup to remove the role from. If DeleteAll is not specified or is FALSE then RoleNameOrId must be specified.
DeleteAll xsd:boolean
optional
If TRUE, removes all the roles for the given administrator.
RoleNameOrId xsd:string
optional
A role name or object Id of a role to remove from an admin or usergroup.

 
Element definition: RbacAdminRoleRemoveResult [top]
[none]

 
Element definition: RbacOperationAdd [top]
Add a new operation to the RBAC system. An operation is an ability to perform an action on a particular resource type. An operation is tied to a specific application so that different applications are able to manage access control that is specific to them.
Name Type Description
Operation WrapperOfRbacOperation
The operation to be added.

 
Element definition: RbacOperationAddResult [top]
[none]

 
Element definition: RbacOperationDelete [top]
Delete an existing operation.
Name Type Description
Operation xsd:string
The operation to delete.

 
Element definition: RbacOperationDeleteResult [top]
[none]

 
Element definition: RbacOperationInfoList [top]
Get information about an existing operation or all operations in the system.
Name Type Description
Operation xsd:string
optional
The operation to get information about. If not specified, then it gets info on all operations in the system.

 
Element definition: RbacOperationInfoListResult [top]
Name Type Description
OperationList ArrayOfRbacOperation
A list of operations with their details

 
Element definition: RbacRoleAdd [top]
Add a new role to the RBAC system.
Name Type Description
Description xsd:string
optional
Description of the role. The maximum length is 255 characters.
OwnerNameOrId xsd:string
optional
Owner role name to add. The maximum length is 64 characters.
RoleName xsd:string
Role name to add. The maximum length is 64 characters.

 
Element definition: RbacRoleAddResult [top]
Name Type Description
RoleId xsd:integer
Role Id of the newly created role.

 
Element definition: RbacRoleAdminInfoList [top]
List the roles assigned to an existing administrator or usergroup. A role is considered assigned to the administrator if that role is gained directly or indirectly via role inheritance or usergroup membership.
Name Type Description
AdminNameOrId xsd:string
The name or object Id of the administrator or usergroup whose assigned roles are to be listed.
FollowRoleInheritance xsd:boolean
optional
If TRUE, return all roles that given role inherits directly and indirectly. If FALSE or not set, return only roles that are directly assigned to the given administrator or usergroup.

 
Element definition: RbacRoleAdminInfoListResult [top]
Name Type Description
AdminNameOrId WrapperOfRbacAdminNameOrId
The name of the admin or usergroup or the object Id of the admin or usergroup.
GlobalUsergroupStatus xsd:string
optional
If roles assigned to global usergroup accounts were considered, but it was not possible to get global group account information from the system, then GlobalUsergroupStatus will contain the reason why it was not possible to get global group account information from the system. An empty value in this field means that roles assigned to global usergroup accounts were considered and it was possible to obtain this information from the system.
LocalUsergroupStatus xsd:string
optional
If roles assigned to local usergroup accounts were considered, but it was not possible to get local group account information from the system, then LocalUsergroupStatus will contain the reason why it was not possible to get local group account information from the system. An empty value in this field means that roles assigned to local usergroup accounts were considered and it was possible to obtain this information from the system.
RoleList ArrayOfRbacRoleResource
optional
A list of role names assigned to the given administrator or usergroup. The list will be empty if no roles are currently assigned to the administrator or usergroup.

 
Element definition: RbacRoleCapabilityAdd [top]
Add an existing resource/operation pair to a role. In essence, this adds a capability to a role.
Name Type Description
Operation xsd:string
An existing operation to add to the specified role.
Resource WrapperOfResourceIdentifier
The resource associated with the given operation.
RoleNameOrId xsd:string
Role name or object Id of the role to add the capability (operation/resource pair) to.

 
Element definition: RbacRoleCapabilityAddResult [top]
[none]

 
Element definition: RbacRoleCapabilityRemove [top]
Remove one or more capabilities (resource/operation pairs) from an existing role. If DeleteAll is TRUE, it removes all capabilities from the given role. Otherwise, it removes only the given capability (resource/operation pair). If DeleteAll is not specified or is FALSE, then Operation and Resource must be specified.
Name Type Description
DeleteAll xsd:boolean
optional
If TRUE, removes all the capabilities for the given role. If FALSE, a valid operation must be provided in the Operation parameter.
Operation xsd:string
optional
An operation to remove. If DeleteAll is FALSE, the caller must provide a valid operation here.
Resource WrapperOfResourceIdentifier
optional
The resource associated with the given operation. If DeleteAll is FALSE, the caller must provide a valid resource identifier here.
RoleNameOrId xsd:string
Role name or object Id of the role to remove the capability from.

 
Element definition: RbacRoleCapabilityRemoveResult [top]
[none]

 
Element definition: RbacRoleDelete [top]
Delete an existing role from the RBAC system.
Name Type Description
RoleNameOrId xsd:string
A role name or object Id of a role to delete.

 
Element definition: RbacRoleDeleteResult [top]
[none]

 
Element definition: RbacRoleDisinherit [top]
Disinherit one or more roles. The effect is that the affected role will no longer have the capabilities gained from the disinherited role(s). If DisinheritAll is not specified or is FALSE, then DisinheritedRoleNameOrId must be specified.
Name Type Description
DisinheritAll xsd:boolean
optional
If TRUE, disinherits all the roles that the given RoleNameOrId inherits.
DisinheritedRoleNameOrId xsd:string
optional
A role name or object Id of a role to disinherit from.
RoleNameOrId xsd:string
An existing role name or object Id of a role to modify.

 
Element definition: RbacRoleDisinheritResult [top]
[none]

 
Element definition: RbacRoleInfoList [top]
Get the operations, capabilities and inherited roles that one or more roles have.
Name Type Description
FollowRoleInheritance xsd:boolean
optional
If TRUE, return all roles that given role inherits directly and indirectly. If FALSE or not set, return only roles that are directly inherited by given role.
RoleNameOrId xsd:string
optional
Role name or object Id of a role. If not specified, then it gets info on all the roles.

 
Element definition: RbacRoleInfoListResult [top]
Name Type Description
RoleAttributes ArrayOfRoleAttributesIdentifier
A list of roles and their associated attributes.

 
Element definition: RbacRoleInherit [top]
Inherit from a role. The effect is that the affected role will gain the capabilities from the inherited role.
Name Type Description
InheritedRoleNameOrId xsd:string
A role name or object Id of a role to inherit from.
RoleNameOrId xsd:string
A role name or object Id of a role to modify.

 
Element definition: RbacRoleInheritResult [top]
[none]

 
Element definition: RbacRoleModify [top]
Modify an existing role name and/or its description.
Name Type Description
RoleDescriptionNew xsd:string
optional
The new role description for the old role, RoleNameOrIdOld.
RoleNameNew xsd:string
optional
The new role name for the old role, RoleNameOrIdOld.
RoleNameOrIdOld xsd:string
A role name or object Id of a role to modify. Either RoleNameNew or RoleDescriptionNew or both must be specified. The object Id of a role cannot be modified.

 
Element definition: RbacRoleModifyResult [top]
[none]

 
Element definition: ArrayOfAdminInfo [top]
Name Type Description
AdminInfo AdminInfo[]

 
Element definition: ArrayOfRbacAdminOrUsergroup [top]
Name Type Description
RbacAdminOrUsergroup RbacAdminOrUsergroup[]

 
Element definition: ArrayOfRbacOperation [top]
Name Type Description
RbacOperation RbacOperation[]

 
Element definition: ArrayOfRbacRoleResource [top]
Name Type Description
RbacRoleResource RbacRoleResource[]

 
Element definition: ArrayOfRoleAttributesIdentifier [top]
Name Type Description
RoleAttributesIdentifier RoleAttributesIdentifier[]

 
Element definition: WrapperOfRbacAdminNameOrId [top]
Name Type Description
RbacAdminNameOrId RbacAdminNameOrId

 
Element definition: WrapperOfRbacOperation [top]
Name Type Description
RbacOperation RbacOperation

 
Element definition: WrapperOfResourceIdentifier [top]
Name Type Description
ResourceIdentifier ResourceIdentifier

 
Element definition: AdminInfo [top]
Details of an administrator.
Name Type Description
AdminId xsd:integer
The Id of the admin or usergroup.
AdminName xsd:string
Name of the admin or usergroup.
EmailAddress xsd:string
optional
Email Address of the administrator if it has been set in the server
PagerAddress xsd:string
optional
Pager Address of the administrator if it has been set in the server

 
Element definition: RbacAdminNameOrId [top]
An admin name or object Id.
Name Type Description
AdminId xsd:string
The adminId of the administrator
AdminName xsd:string
The Name of an administrator

 
Element definition: RbacAdminOrUsergroup [top]
An admin or usergroup. When used as an input element, specify only one of AdminOrUsergroupName or AdminOrUsergroupId (not both). When used as an output element, both of them are returned.
Name Type Description
AdminOrUsergroupId xsd:unsignedInt
optional
The Id of the admin or usergroup, which is an object Id from the Objects table within the DFM database. Range: [0..2^32-1]
AdminOrUsergroupName xsd:string
optional
An admin or usergroup name. The format of the admin name consists of a sequence of one or more characters up to a maximum of 255 characters. The usergroup refers to an existing usergroup in Microsoft's Active Directory. The format of the usergroup name is DOMAIN\USER. For example, "ABC\eng"

 
Element definition: RbacOperation [top]
An operation.
Name Type Description
OperationName xsd:string
Name of an operation. The maximum length allowed is 255 characters. It is of the form: .. For example: "DFM.SRM.Read"
OperationNameDetails WrapperOfRbacOperationNameDetails
Other details of an Operation

 
Element definition: RbacRoleResource [top]
Identifies an RBAC role resource. When used as input, only one of RbacRoleName or RbacRoleId is specified. When used as output, both of them will be returned.
Name Type Description
RbacRoleId xsd:unsignedInt
optional
The object Id of an RBAC role. Range: [0..2^32-1]
RbacRoleName xsd:string
optional
An RBAC role name. Must be less than or equal to 64 characters in length.

 
Element definition: ResourceIdentifier [top]
Identifies a resource. Only one resource field must be set, i.e. one of ResourceId, RbacRole, Host, Group, storage system, Vfiler, Aggregate, Volume, ResourcePool, Dataset, Qtree, protection Policy, provisioning Policy, Lun or vFiler template. When an object Id is specified, it refers to the object Id field in the Objects table from the DFM database.
Name Type Description
Aggregate WrapperOfAggregateResource
optional
An Aggregate
Dataset WrapperOfDatasetResource
optional
A DFM Dataset
Filer WrapperOfFilerResource
optional
A storage system (Filer)
Group WrapperOfGroupResource
optional
A DFM Group
Host WrapperOfHostResource
optional
A Host
Lun WrapperOfLunResource
optional
A Lun
Policy WrapperOfPolicyResource
optional
A policy can refer to either a protection policy or a provisioning policy.
Qtree WrapperOfQtreeResource
optional
A Qtree
RbacRole WrapperOfRbacRoleResource
optional
An RBAC role
ResourceId xsd:unsignedInt
optional
An object Id of a resource. A ResourceId of 0 represents the global resource, which is the global scope. Range: [0..2^32-1]
ResourcePool WrapperOfResourcePoolResource
optional
A DFM Resource pool
StorageService WrapperOfStorageServiceResource
optional
A Storage Service.
Vfiler WrapperOfVfilerResource
optional
A Vfiler
VfilerTemplate WrapperOfVfilerTemplateResource
optional
A vFiler template.
Volume WrapperOfVolumeResource
optional
A Volume

 
Element definition: RoleAttributesIdentifier [top]
The attributes of a role: role name and Id, inherited roles, capabilities and operations.
Name Type Description
Capabilities ArrayOfRbacResourceOperation
Capabilities assigned to the given role and inherited roles.
Description xsd:string
Description of the role
InheritedRoles ArrayOfRbacRoleResource
List of inherited roles
RoleNameAndId WrapperOfRbacRoleResource
Role Name and its Id

 
Element definition: ArrayOfRbacResourceOperation [top]
Name Type Description
RbacResourceOperation RbacResourceOperation[]

 
Element definition: WrapperOfAggregateResource [top]
Name Type Description
AggregateResource AggregateResource

 
Element definition: WrapperOfDatasetResource [top]
Name Type Description
DatasetResource DatasetResource

 
Element definition: WrapperOfFilerResource [top]
Name Type Description
FilerResource FilerResource

 
Element definition: WrapperOfGroupResource [top]
Name Type Description
GroupResource GroupResource

 
Element definition: WrapperOfHostResource [top]
Name Type Description
HostResource HostResource

 
Element definition: WrapperOfLunResource [top]
Name Type Description
LunResource LunResource

 
Element definition: WrapperOfPolicyResource [top]
Name Type Description
PolicyResource PolicyResource

 
Element definition: WrapperOfQtreeResource [top]
Name Type Description
QtreeResource QtreeResource

 
Element definition: WrapperOfRbacOperationNameDetails [top]
Name Type Description
RbacOperationNameDetails RbacOperationNameDetails

 
Element definition: WrapperOfRbacRoleResource [top]
Name Type Description
RbacRoleResource RbacRoleResource

 
Element definition: WrapperOfResourcePoolResource [top]
Name Type Description
ResourcePoolResource ResourcePoolResource

 
Element definition: WrapperOfStorageServiceResource [top]
Name Type Description
StorageServiceResource StorageServiceResource

 
Element definition: WrapperOfVfilerResource [top]
Name Type Description
VfilerResource VfilerResource

 
Element definition: WrapperOfVfilerTemplateResource [top]
Name Type Description
VfilerTemplateResource VfilerTemplateResource

 
Element definition: WrapperOfVolumeResource [top]
Name Type Description
VolumeResource VolumeResource

 
Element definition: AggregateResource [top]
Details of an aggregate resource. AggregateResourceNameOrId must be specified. If AggregateName is specified, then FilerIdentifier must also be specified.
Name Type Description
AggregateResourceNameOrId WrapperOfAggregateNameOrId
An aggregate name or Id. If an aggregate name is specified, then the FilerIdentifier must also be specified.
FilerIdentifier WrapperOfFilerResource
optional
The storage system where the aggregate lives.

 
Element definition: DatasetResource [top]
Details of a DFM dataset resource. DFM dataset name or object Id of a DFM dataset. When used as input, only one of DatasetName or DatasetId is specified. When used as output, both of them will be returned.
Name Type Description
DatasetId xsd:unsignedInt
optional
Object Id of a DFM Dataset. Range: [0..2^32-1]
DatasetName xsd:string
optional
DFM Dataset Name

 
Element definition: FilerResource [top]
Details of a storage system resource. When used as input, only one of FilerName or FilerId is specified. When used as output, both of them will be returned.
Name Type Description
FilerId xsd:unsignedInt
optional
The object Id or serial number of a storage system. Range: [0..2^32-1]
FilerName xsd:string
optional
The FQDN of a storage system

 
Element definition: GroupResource [top]
Details of a DFM Group Resource. DFM Group Name or object Id of a DFM Group. When used as input only one of GroupName or GroupId is specified. When used as output, both of them will be returned.
Name Type Description
GroupId xsd:unsignedInt
optional
Object Id of a DFM Group. Range: [0..2^32-1]
GroupName xsd:string
optional
DFM Group Name

 
Element definition: HostResource [top]
Identifies a Host Resource. When used as input only one of HostName or HostId is specified. When used as output, both of them will be returned.
Name Type Description
HostId xsd:unsignedInt
optional
An object Id of a Host. Range: [0..2^32-1]
HostName xsd:string
optional
A FQDN of a Host

 
Element definition: LunResource [top]
Details of a LUN. LunIdentifierNameOrId must be specified. If LunName is specified, then either VolumeIdentifier or HostIdentifier must also be specified. See the Description for LunName for more information.
Name Type Description
HostIdentifier WrapperOfHostResource
optional
LUN within a Host. LunNameOrId must be the LUN's serial number or object Id (not Path).
LunIdentifierNameOrId WrapperOfLunNameOrId
A LUN's Name or Id. If the LUN's Name is specified, then either VolumeIdentifier or HostIdentifier must also be specified.
VolumeIdentifier WrapperOfVolumeResource
optional
LUN within a Volume

 
Element definition: PolicyResource [top]
Identifies a Policy Resource. When used as input one or more of PolicyName or PolicyId is specified. When used as output, both of them will be returned. Policy can refer to either a protection Policy or a provisioning Policy.
Name Type Description
PolicyId ObjId
optional
Object identifier of the protection or provisioning Policy.
PolicyName ObjName
optional
Name of the protection or provisioning Policy.

 
Element definition: QtreeResource [top]
Details of a Qtree. QtreeIdentifierNameOrId must be specified. If QtreeName is specified, then either VolumeIdentifier or HostIdentifier must also be specified. See the Description for QtreeName for more information.
Name Type Description
HostIdentifier WrapperOfHostResource
optional
Host in which the Qtree resides.
QtreeIdentifierNameOrId WrapperOfQtreeNameOrId
A Qtree's Name or Id. If the Qtree's Name is specified, then either VolumeIdentifier or HostIdentifier must also be specified.
VolumeIdentifier WrapperOfVolumeResource
optional
Volume in which the Qtree resides.

 
Element definition: RbacOperationNameDetails [top]
More details of an Operation.
Name Type Description
OperationDescription xsd:string
A longer (multiple line) Description suitable for completely explaining the Operation and the places where it has an Effect. The maximum length allowed is 255 characters.
OperationSynopsis xsd:string
A short Description (only a few words) suitable for use in a user Interface when showing/selecting this Operation. The maximum length allowed is 255 characters.
ResourceType xsd:string
Type of Resource that the Operation applies to. Possible Values: "managementstation", "Filer", "Aggregate", "Volume", "Lun", "Vfiler", "Host", "Group", "rbac_role", "Dataset", "resource_pool". Note that Group refers to a DFM Resource Group.

 
Element definition: RbacResourceOperation [top]
Operation assigned to a given Resource
Name Type Description
Operation WrapperOfRbacOperation
Complete details of an Operation
Resource WrapperOfResourceIdentifier
The Resource for which the Operation applies

 
Element definition: ResourcePoolResource [top]
Details of a DFM ResourcePool Resource. DFM ResourcePool Name or object Id of a DFM ResourcePool. When used as input only one of ResourcePoolName or ResourcePoolId is specified. When used as output, both of them will be returned.
Name Type Description
ResourcePoolId xsd:unsignedInt
optional
Object Id of a DFM Resource pool. Range: [0..2^32-1]
ResourcePoolName xsd:string
optional
DFM Resource pool Name

 
Element definition: StorageServiceResource [top]
Identifies a storage Service Resource. When used as input, only one of StorageServiceName or StorageServiceId is specified. When used as output, both of them will be returned.
Name Type Description
StorageServiceId ObjId
optional
A Storage Service identifier.
StorageServiceName ObjName
optional
A Storage Service Name.

 
Element definition: VfilerResource [top]
Details of a Vfiler Resource. When used as input only one of VfilerNameOrUuid or VfilerId is specified. When used as output, both of them will be returned.
Name Type Description
VfilerId xsd:unsignedInt
optional
The object Id of a Vfiler. Range: [0..2^32-1]
VfilerNameOrUuid xsd:string
optional
The FQDN or UUID of a Vfiler

 
Element definition: VfilerTemplateResource [top]
Identifies a Vfiler template Resource. When used as input only one of VfilerTemplateName or VfilerTemplateId is specified. When used as output, both of them will be returned.
Name Type Description
VfilerTemplateId ObjId
optional
A vFiler template identifier.
VfilerTemplateName ObjName
optional
A vFiler template Name.

 
Element definition: VolumeResource [top]
Details of a Volume.
Name Type Description
AggregateIdentifier WrapperOfAggregateResource
optional
Volume within an Aggregate
HostIdentifier WrapperOfHostResource
optional
Host on which the Volume resides.
VfilerIdentifier WrapperOfVfilerResource
optional
Volume within a Vfiler e.g. Vfiler where the Volume resides.
VolumeIdentifierNameOrId WrapperOfVolumeNameOrId
The Volume Name or Id. If a Volume Name is specified, then either AggregateIdentifier, VfilerIdentifier or HostIdentifier must also be specified.

 
Element definition: ObjId [top]
Identification number (ID) for a DFM object. This typedef is an alias for the built-in ZAPI Type integer. Object IDs are unsigned integers in the range [1..2^31 - 1]. In some contexts, an object ID is also allowed to be 0, which is interpreted as a null Value, e.g., a reference to no object at all.

The ID for a DFM object is always assigned by the system; the user is never allowed to assign an ID to an object. Therefore, an input element of Type ObjId is always used to refer to an existing object by its ID. The ZAPI must specify the object's DFM object Type (e.g. Dataset, Host, DP Policy, etc.). Some ZAPIs allow the object to be one of several different types.

If the Value of an ObjId input element does not match the ID of any existing DFM object of the specified Type or types, then typically the ZAPI fails with Error code EOBJECTNOTFOUND. A ZAPI may deviate from this general rule; for example, it may return a more specific Error code. In either case, the ZAPI specification must document its behavior.

[none]

 
Element definition: ObjName [top]
Name of a DFM object. This typedef is an alias for the built-in ZAPI Type string. An object Name must conform to the following format:
  • It must contain between 1 and 64 characters.
  • It may start with any character and may contain any combination of characters, except that it may not consist solely of decimal digits ('0' through '9').
  • In some contexts, a Name may be the empty string (""), which is interpreted as a null Value, e.g., a reference to no object at all.
The behavior of a ZAPI when it encounters an Error involving an ObjName input element depends on how the ZAPI uses the input element. Here are the general rules:
  • If the input Name element is used to create a new object with the given Name, or rename an existing object to that Name, and the Name does not conform to the above format, then the ZAPI fails with Error code EINVALIDINPUTERROR. Note that because EINVALIDINPUTERROR is such a common Error code, ZAPI specifications are not required to document cases when they may return it.
  • If the input Name element is used to refer to an existing object with that Name, and there is no object with that Name, then the ZAPI fails with Error code EOBJECTNOTFOUND. Generally the ZAPI specification documents cases when it may return this Error code.
A ZAPI may deviate from these general rules; for example, it may return more specific Error codes. In such cases, the ZAPI specification must document its behavior.

If an input Name element is used to refer to an existing object, then the ZAPI specification must specify which DFM object Type (e.g. data set, Host, DP Policy, etc.) is allowed. Some ZAPIs allow the object to be one of several different types. See the Description of ObjFullName for examples of valid input formats.

Note that there is no requirement that all object names must be unique. However, the names for some specific types of Objects are constrained such that no two Objects of that Type may have the same Name. For example, this constraint applies to Datasets, DP schedules, and DP policies. This means that no two Datasets may have the same Name, but a Dataset may have the same Name as a DP schedule or DP Policy.

In general, object names are compared in a case-insensitive manner. This means that, for example, "MyObject" and "MYOBJECT" are considered to be the same Name for purposes of: creating new Objects, renaming existing Objects, or looking up an object by Name. On the other hand, ZAPIs that return an ObjName generally do not change the capitalization at all. For example, if an object's Name has been set to "MyObject", then list iteration ZAPIs that return the object's Name return it as "MyObject" rather than "MYOBJECT" or "myobject".

ZAPIs that operate on ObjName Values and do not follow these general rules about case sensitivity must document the rules that they do follow.

One important exception to these general rules is that Volumes, Qtrees, OSSV Directories, SRM Paths, Interfaces, FCP Targets and FC switch ports all have case-sensitive names. When looking up Objects of these types by Name, the case must match the object Name.

[none]
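The ObjName format and comparison rules above, as an added example (not NetApp code): a client-side pre-check that rejects names the API would refuse and reports names that would resolve to the same object, which matters when role or dataset names feed an access decision. The function names and the lowercase type labels are assumptions, as is folding case with `str.lower()` and counting length in Python characters, since the page does not say how the server does either.

```python
# Added example: client-side checks for the ObjName rules on this page.
# Type labels below are illustrative; the page names the types in prose only.
CASE_SENSITIVE_TYPES = {
    "volume", "qtree", "ossv directory", "srm path",
    "interface", "fcp target", "fc switch port",
}


def validate_obj_name(name, allow_null=False):
    """Return None if name fits the ObjName format, else the reason it fails."""
    if not isinstance(name, str):
        return "not a string"
    if name == "":
        # The empty string is a null reference, valid only in some contexts.
        return None if allow_null else "empty name not allowed here"
    if len(name) > 64:
        return "longer than 64 characters"
    if all(ch in "0123456789" for ch in name):
        return "consists solely of decimal digits"
    return None


def lookup_key(name, object_type):
    """Key a name is matched on when creating, renaming or looking up."""
    if object_type.lower() in CASE_SENSITIVE_TYPES:
        return name
    # Assumption: simple lowercase folding; the server's exact rule is not given.
    return name.lower()


def find_collisions(names, object_type):
    """Group names that would refer to the same object of this type."""
    groups = {}
    for name in names:
        groups.setdefault(lookup_key(name, object_type), []).append(name)
    return [group for group in groups.values() if len(group) > 1]


if __name__ == "__main__":
    # Constructed sample names.
    print(validate_obj_name("20240101"))
    print(find_collisions(["MyObject", "MYOBJECT", "backup"], "dataset"))
    print(find_collisions(["vol1", "VOL1"], "volume"))
```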

 
Element definition: WrapperOfAggregateNameOrId [top]
Name Type Description
AggregateNameOrId AggregateNameOrId

 
Element definition: WrapperOfLunNameOrId [top]
Name Type Description
LunNameOrId LunNameOrId

 
Element definition: WrapperOfQtreeNameOrId [top]
Name Type Description
QtreeNameOrId QtreeNameOrId

 
Element definition: WrapperOfVolumeNameOrId [top]
Name Type Description
VolumeNameOrId VolumeNameOrId

 
Element definition: AggregateNameOrId [top]
Details of an Aggregate Name or Id. When used as input only one of AggregateName or AggregateId is specified. When used as output, both of them will be returned.
Name Type Description
AggregateId xsd:unsignedInt
optional
The object Id of an Aggregate. Range: [0..2^32-1]
AggregateName xsd:string
optional
An Aggregate Name. If this is specified, FilerIdentifier must also be specified.

 
Element definition: LunNameOrId [top]
Details of a LUN Name or Id. When used as input only one of LunName or LunId is specified. When used as output, both will be returned. If a LunName is specified, then either VolumeIdentifier or HostIdentifier must also be specified.
Name Type Description
LunId xsd:unsignedInt
optional
The object Id of a Lun. Range: [0..2^32-1]
LunName xsd:string
optional
The serial number or Path Name of a LUN. Path Name of LUN is written as volume-name/lun-name or volume-name/qtree-name/lun-name. One of either VolumeIdentifier or HostIdentifier must also be specified. However, if a HostIdentifier is specified, the LunName must be only a serial number.

 
Element definition: QtreeNameOrId [top]
A Qtree Name or Id. When used as input only one of QtreeName or QtreeId is specified. When used as output, both of them will be returned. If QtreeName is specified, then either HostIdentifier or VolumeIdentifier must also be specified but not both.
Name Type Description
QtreeId ObjId
optional
The object Id of a Volume. Range: [0..2^32-1]
QtreeName ObjName
optional
The Name of a Qtree. Either HostIdentifier or VolumeIdentifier must also be specified.

 
Element definition: VolumeNameOrId [top]
A Volume Name or Id. When used as input only one of VolumeName or VolumeId is specified. When used as output, both of them will be returned. If VolumeName is specified, then either HostIdentifier, VfilerIdentifier or AggregateIdentifier must also be specified but not both.
Name Type Description
VolumeId xsd:unsignedInt
optional
The object Id of a Volume. Range: [0..2^32-1]
VolumeName xsd:string
optional
The Name of a Volume. Either HostIdentifier, VfilerIdentifier or AggregateIdentifier must also be specified.
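The name-or-id and scoping rules for LunResource and VolumeResource, as an added example (not NetApp code): because object names need not be unique, a name sent without its scope is an ambiguous reference, so a caller can reject it before it reaches an access check. Resources are modelled as plain dicts keyed by the element names on this page with the WrapperOf* layers collapsed, the function names are hypothetical, and reading "but not both" as "exactly one scope" for volumes is an assumption.

```python
# Added example: input checks for the LunResource and VolumeResource rules.
# Resources are plain dicts keyed by the page's element names; the
# WrapperOf* layers are collapsed for brevity (an assumption of this sketch).
MAX_ID = 2**32 - 1
VOLUME_SCOPES = ("AggregateIdentifier", "VfilerIdentifier", "HostIdentifier")


def check_name_or_id(node, name_key, id_key):
    """On input, exactly one of the name or the id may be present."""
    if (name_key in node) == (id_key in node):
        return [f"specify exactly one of {name_key} or {id_key}"]
    if id_key in node:
        value = node[id_key]
        if not isinstance(value, int) or not 0 <= value <= MAX_ID:
            return [f"{id_key} must be an integer in [0..2^32-1]"]
    return []


def check_lun(res):
    ident = res.get("LunIdentifierNameOrId")
    if ident is None:
        return ["LunIdentifierNameOrId must be specified"]
    errors = check_name_or_id(ident, "LunName", "LunId")
    if "LunName" in ident:
        if "VolumeIdentifier" not in res and "HostIdentifier" not in res:
            errors.append("LunName needs VolumeIdentifier or HostIdentifier")
        # A path is written volume-name/lun-name, so "/" marks a path name.
        if "HostIdentifier" in res and "/" in str(ident["LunName"]):
            errors.append("with HostIdentifier, LunName must be a serial number")
    return errors


def check_volume(res):
    ident = res.get("VolumeIdentifierNameOrId")
    if ident is None:
        return ["VolumeIdentifierNameOrId must be specified"]
    errors = check_name_or_id(ident, "VolumeName", "VolumeId")
    scopes = [key for key in VOLUME_SCOPES if key in res]
    if "VolumeName" in ident and len(scopes) != 1:
        errors.append("VolumeName needs exactly one of " + ", ".join(VOLUME_SCOPES))
    return errors
```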