Vserver スコープ MAV 機能

• ONTAP 9
• マルチ管理者認証

• クエリルールが存在する場合、データvserver接続からコマンドを実行すると、MAV承認を求められます。
• クエリルールが存在する場合、管理vserverからコマンドを実行すると、MAV承認を求められません。
• 例：

Stormbreaker::*> multi-admin-verify rule show
  (security multi-admin-verify rule show)
                            Required  Approval
Vserver    Operation                  Approvers Groups
----------- ------------------------------------------ --------- -------------
Stormbreaker
       security login password           -      -
        Query: -multi-admin-approver true -different-user true
       security login unlock            -      -
        Query: -username diag
       security multi-admin-verify approval-group create -  -
       security multi-admin-verify approval-group delete -  -
       security multi-admin-verify approval-group modify -  -
       security multi-admin-verify approval-group replace - -
       security multi-admin-verify modify      -      -
       security multi-admin-verify rule create   -      -
       security multi-admin-verify rule delete   -      -
       security multi-admin-verify rule modify   -      -
       set                     -      -
        Query: -privilege diagnostic
      volume snapshot delete           -      MAV_group1
        Query: -vserver cifs
12 entries were displayed.

上記の出力では、「cifs」vserver でのスナップショットの削除に対してのみ MAV の承認が必要であると述べていることに注意してください。 

• 管理 vserver から実行した場合の動作：

Stormbreaker::> snapshot delete -vserver aws_kms -volume aws_kms_root  -snapshot hourly.2024-04-24_0805

Warning: Deleting a Snapshot copy permanently removes data that is stored only in that Snapshot copy. Are you sure you want to delete Snapshot copy "hourly.2024-04-24_0805" for
     volume "aws_kms_root" in Vserver "aws_kms" ? {y|n}: y

Stormbreaker::> snapshot delete -vserver cifs -volume audit_log -snapshot hourly.2024-04-24_0905

Warning: This operation requires multi-admin verification. To create a verification request use "security multi-admin-verify request create".
     Would you like to create a request for this operation? {y|n}: y

Error: command failed: The security multi-admin-verify request (index 1) is auto-generated and requires approval.
 

• データ vserver から実行した場合の動作しない動作：

cifs::> snapshot delete -volume gregg -snapshot hourly.2024-05-08_0805

Warning: This operation requires multi-admin verification. To create a verification request use "security multi-admin-verify request create".
     Would you like to create a request for this operation? {y|n}: y

Error: command failed: The security multi-admin-verify request (index 4) is auto-generated and requires approval.

cifs::> snapshot delete -volume gregg -snapshot hourly.2024-05-08_0805

Warning: Deleting a Snapshot copy permanently removes data that is stored only in that Snapshot copy. Are you sure you want to delete Snapshot copy "hourly.2024-05-08_0805" for
     volume "gregg" in Vserver "cifs" ? {y|n}: y