All manageable entities in the VAST cluster, (known as objects), such as NFS exports, event definitions, CNodes and so on, belong to security realms. When a manager or role has any specific type of access (create/view/edit/delete) to a given realm, that manager has such access to all objects in the realm.
Beside allowing permission to access entire realms, you can configure permissions on each object, allowing specified managers and roles access to the object independent of their permission to access the realm to which the object belongs. This gives you the flexibility, for example, to allow a manager who does not have access to a whole realm, to access a specific object in the realm. Or you might give a manager who only has permission to view a realm to have edit permission for a specific object in the realm.
Find the object in its page, hover over the right-most column in the grid and click the button that appears for the object.
For example, for an export policy, the button appears here when you hover:
The Resource permissions dialog for the object appears. There are two parts that might appear, depending on whether any permissions are already defined:
A permissions grid, displaying any roles and managers who already have permissions to access this object, if there are any.
The Add new dropdown, for adding roles and managers and giving them permission to access the object.
To change permissions for the managers and roles listed, click the access type icons to toggle them on and off, as needed.
To add another manager or role to the list, select the manager or role from the Add new drop-down. When the manager or role is added, click the access types you want to enable for the manager.
To remove an existing manager, remove all of the manager's resource permissions. After saving, the manager will be removed from the list.
To manage object permissions via the CLI, use the following commands.
For full CLI command syntax, including arguments, enter the command at the CLI prompt, followed by ?.