Articles in this section

view modify

Sara Levy
  • Updated
Follow

This command modifies a view.

General Usage

view modify --id VIEW_ID
            [--path PATH]
            [--protocols PROTOCOLS] 
            [--alias ALIAS]
            [--share SHARE]
            [--policy-id ID]
            [--cluster-id ID]
            [--create-dir]
            [--s3-versioning]
            [--s3-locks]
            [--s3-locks-retention-period S3_LOCKS_RETENTION_PERIOD]
            [--s3-locks-retention-mode NONE|GOVERNANCE|COMPLIANCE]
            [--bucket BUCKET]
            [--bucket-owner BUCKET_OWNER]
            [--bucket-creators BUCKET_CREATORS]
            [--allow-anonymous-access]
            [--block-anonymous-access]
            [--s3-bucket-ownership-rule BucketOwnerEnforced|BucketOwnerPreferred|ObjectWriter|None]
            [--enable-share-acl]|[--disable-share-acl]
            [--clear-share-acl]
            [--share-ace-grantee users|groups]
            [--share-ace-permissions FULL|READ|CHANGE]
            [{--share-ace-sid-str SID_STR}|{--share-ace-uid-or-gid UID_OR_GID}]
            [--remove-share-ace-name NAME --remove-share-ace-fqdn FQDN]
 

Share-Level ACL Usage

To enable or disable share-level ACL on the view:

view modify --id VIEW_ID --enable-share-acl|--disable-share-acl

To add an ACE to the view's share-level ACL:

view modify --id VIEW_ID
            --share-ace-grantee users|groups
            {--share-ace-sid-str SID_STR}|{--share-ace-uid-or-gid UID_OR_GID}
            --share-ace-permissions FULL|READ|CHANGE

To clear all ACEs from the view's share-level ACL:

view modify --id VIEW_ID
            --clear-share-acl

To remove an ACE:

view modify --id VIEW_ID
            --remove-share-ace-name NAME
            --remove-share-ace-fqdn FQDN
 

Required Parameters

--id VIEW_ID

Specifies the ID of the view you want to modify.
 

Options

--path PATH

Modifies the Element Store path to be exposed to clients. It can be a directory that was already created by a client inside an exposed parent directory, or it can be a new directory, in which case you must specify the --create_dir option to create the directory.

Example:

--path /a/b/c

--protocols PROTOCOLS

Specifies which protocol(s) the view will be exposed to.

Specify PROTOCOLS as a string value for a single protocol or a comma separated list of strings to enable multiple protocols. Valid string values are:

  • NFS. To expose the view as an NFS export to clients using NFS version 3.

  • NFS4. To expose the view as an NFS export to clients using NFS version 4.1.

  • SMB (Not in combination with ENDPOINT). To expose the view as an SMB share to SMB clients.

  • S3 (Not in combination with ENDPOINT). To expose the view as an S3 bucket.

  • ENDPOINT (Not in combination with SMB or S3). To create an S3 Endpoint, which is a template for creating buckets via S3 APIs. Whenever a bucket is created using this endpoint, a new view is created under the specified path. See Managing S3 Request-Initiated Bucket Creation for more information about S3 Endpoint buckets.

Examples:

--protocols NFS,SMB

--protocols NFS,NFS4,ENDPOINT

--protocols NFS,S3

--protocols SMB

--alias ALIAS

For NFSv3 exports, specifies an alternative shorter name for the path that can be used alternatively when mounting. Optional and relevant only if the view is exposed to NFS. An alias must begin with a forward slash ("/") and must consist of only ASCII characters.

--share SHARE

Specifies the SMB share name. Required if the view is exposed to SMB. The name cannot include the following characters: /\:|<>*?"

--policy-id ID

Specifies which view policy to apply. If unspecified, the default policy (ID 1) is used.

--create-dir

Creates a directory at the specified path. Include this option of the directory does not already exist.

--s3-versioning

Enables object versioning on the bucket if S3 is specified in --protocols.

--s3-locks

Enables S3 object locking on the view bucket, if S3 is specified in --protocols. This setting can't be disabled after it is enabled.

--s3-locks-retention-period S3_LOCKS_RETENTION_PERIOD

Sets a default retention period for objects in the bucket, if S3 object locking is enabled.

If set, object versions that are placed in the bucket are automatically protected with a retention lock with the specified retention period, unless --s3-locks-retention-mode is set to NONE. Otherwise, by default, each object version has no automatic protection but can be configured with a retention period or legal hold. For more information, see S3 Object Locking Overview.

Specify S3_LOCKS_RETENTION_PERIOD as an integer followed by a symbol. For example: 1y for one year.

--s3-locks-retention-mode NONE|GOVERNANCE|COMPLIANCE

Sets a default retention mode for objects in the bucket.

Possible values:

  • NONE (default). Object versions that are placed in the bucket have no automatic protection but can be configured with a retention period or legal hold.

  • GOVERNANCE. Object versions that are placed in the bucket are automatically protected with a retention lock with retention mode set to governance.

  • COMPLIANCE. Object versions that are placed in the bucket are automatically protected with a retention lock with retention mode set to compliance.

--bucket BUCKETNAME

Specifies the name of an S3 bucket. Required if S3 is specified in --protocols.

--bucket-owner BUCKET_OWNER

Specifies a user to be the bucket owner. Required if S3 is specified in --protocols.

--bucket-creators BUCKET_CREATORS

Relevant if ENDPOINT is specified in --protocols. Specifies users such that any request to create an S3 bucket that is sent by S3 API by a specified user will use this S3 Endpoint view.

Specify BUCKET_CREATORS as a comma separated list of user names.

Note

Users should not be specified as bucket creators in more than one S3 Endpoint view.

--allow-anonymous-access

If the view has S3 Bucket or S3 Endpoint enabled, include this option to allow anonymous S3 access to the view's S3 bucket.

If allowed, anonymous requests are granted provided that the object ACL grants access to the All Users group (in S3 Native security flavor) or the permission mode bits on the requested file and directory path grant access permission to "others" (in NFS security flavor).

--block-anonymous-access

Blocks anonymous S3 access to the view's S3 bucket, if applicable. This is the default setting.

--s3-object-ownership-rule BucketOwnerEnforced|BucketOwnerPreferred| ObjectWriter|None

Sets one of the following S3 Object Ownership rules:

  • BucketOwnerEnforced. The bucket owner has full control over any object in the bucket. Access to objects is controlled based on policies configured for the bucket. ACLs are not used.

  • BucketOwnerPreferred. The bucket owner has full control over new objects uploaded to the bucket by other users. ACLs can be used to control access to the objects.

  • ObjectWriter. The user that uploads an object has full control over this object. ACLs can be used to let other users access the object.

  • None. Disables S3 Object Ownership for the bucket.

Notice

This option is available starting with VAST Cluster 4.5.0-SP15.

--enable-share-acl

Enables share-level ACL on the view.

This setting enables share-level ACL on the view, which means that SMB requests to access the view will fail unless permission is granted to the requesting user by an ACE.

--disable-share-acl

Disables a share-level ACL on a view.

Share-level ACL is disabled by default.

--clear-share-acl

Removes all ACEs from a share-level ACL if enabled on the view, without disabling share-level ACL.

--share-ace-grantee users|groups

Specifies a grantee type when running the command to configure an Access Control Entry (ACE) in a share-level ACL.

See also Share-Level ACL Usage .

Possible values:

  • users. Specify this option when configuring an ACE for a user.

  • groups. Specify this option when configuring an ACE for a group.

--share-ace-permissions READ|CHANGE|FULL

Specifies the type of permission to grant to a specified grantee when running the command to configure an Access Control Entry (ACE) in a share-level ACL.

See also Share-Level ACL Usage .

Possible values:

  • FULL (default). Grants the grantee full control share-level access to the view.

  • READ. Grants the grantee read share-level access to the view.

  • CHANGE. Grants the grantee change share-level access to the view.

--share-ace-sid-str SID_STR

Specifies a grantee by SID identifier when running the command to configure an Access Control Entry (ACE) in a share-level ACL.

See also Share-Level ACL Usage .

Specify UID or GID as the exact value of the user's or group's SID_STR attribute value on a joined AD domain.

To obtain an identifier for a SID, run a query by prefix against the Active Directory domain, using one of the following commands:.

--share-ace-uid-or-gid UID|GID

Specifies a grantee by UID/GID identifier when running the command to configure an Access Control Entry (ACE) in a share-level ACL.

See also Share-Level ACL Usage .

Specify UID or GID as the exact value of the user's or group's UID or GID number on a joined AD domain.

To obtain an identifier for a UID or GID, run a query by prefix against the Active Directory domain, using one of the following commands:.

--remove-share-ace-name NAME

Specifies the grantee name when running the command to remove an ACE from a share-level ACL.

See also Share-Level ACL Usage .

--remove-share-ace-fqdn FQDN

Specifies the domain when running the command to remove an ACE for a given from a share-level ACL.

See also Share-Level ACL Usage .
 

Example

This example changes the view policy used by the view that exposes the /dev path of the element store.

vcli: admin> view modify --id 2 --path /dev --policy-id 2

This example removes an ACE from a share-level ACL:

vcli: admin>  view modify --id 101 --remove-share-ace-name joej --remove-share-ace-fqdn ad.arandomorg.com
 
 

Related articles

Comments

0 comments

Article is closed for comments.