tenant create

--name NAME

Specifies a name for the tenant.

--enable-privileged-domain-user-restore-access

Enables the privileged SMB user.

--disable-privileged-domain-user-restore-access

Disables the privileged SMB user.

--enable-privileged-domain-group-backup-access

Enables the privileged SMB group.

--disable-privileged-domain-group-backup-access

Disables the privileged SMB group.

--enable-privileged-domain-group-restore-access

Enables read and write control access for the privileged SMB user group. Members of the group can perform backup and restore operations on all files and directories, without requiring read or write access to the specific files and directories.

--disable-privileged-domain-group-restore-access

Disables write control access for the SMB privileged user group. If enabled (see --enable-privileged-domain-group-backup-access), the group has read control access. Members of the group can perform backup operations on all files and directories without requiring read access to the specific files and directories. They cannot perform restore operations without write access to the specific files and directories.

--privileged-domain-user-logon-name PRIVILEGED_USER_NAME

Specifies a custom user name for the SMB privileged user. If not set, the user name is 'vastadmin'.

--privileged-domain-group-sid PRIVILEGED_DOMAIN_GROUP_SID

Specify a custom SID for the privileged SMB group. If not specified, the privileged SMB group SID is the Backup Operators domain group SID (S-1-5-32-551).

--local-administrators-group-name GROUP_NAME

Specify a custom name for the privileged SMB group. If not specified, the privileged SMB group name is Backup Operators.

--default-others-share-level-perm FULL|READ|CHANGE

Sets the default 'Everyone' Group SMB share-level permission for the tenant. This default permission affects all views in which share-level ACL is disabled.

For more information about SMB share-level permissions, see Share-Level ACLs.

Possible values:

--encryption-crn ENCRYPTION_CRN

If encryption is enabled on the cluster with External Key Management (EKM), use this option to provide the identifier for the tenant's encryption group on the connected EKM provider.

You can optionally provide the same CRN for more than one tenant if you want to join multiple tenants to the same encryption group on the EKM. Supply the identifier as ENCRYPTION_CRN.

Encryption CRN is required for tenant creation if EKM encryption is enabled.

The encryption CRN cannot be changed after creating the tenant.

For more information about EKM encryption, see Encryption of Data at Rest.

--trash-gid TRASH_GID

If you want to allow access to the trash folder for non-root NFSv3 users serviced by the tenant, specify this option and provide the GID of the user group that you want to use for this purpose as TRASH_GID. Users who belong to this group will have permission to move files into the trash folder.

By default, the operation of moving files into the trash folder is supported for the root user only.

--client-ip-ranges IP_RANGES

Specifies an array of ranges of client IPs to be served by the tenant. Specify IP_RANGES as an array where ranges are separated by spaces and the start and end IP of each range is separated by a comma.

For example: 10.10.10.2,10.10.10.4 2022:3::69:1337:420:8153,2022:3::69:1337:420:8200

See Providing Client Access to Tenants for more information about dedicating VIP pools to tenants and associating client IPs to a tenant.

--posix-primary-provider AD|LDAP|NIS

Specifies one provider to take precedence over other providers in case of any conflicts between attribute values when user information is retrieved from the providers.

Applicable if more than one provider is enabled (see --ad-provider-id, --ldap-provider-id, nis-provider-id)

--ad-provider-id ID

Select which external authorization providers should be enabled for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Provider and Protocol Combinations.

Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Provider and Protocol Combinations.

--ldap-provider-id ID

Specify up to one LDAP server configuration by its ID in order to enable it for the tenant.

Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Provider and Protocol Combinations.

--nis-provider-id ID

Specify up to one NIS configuration by its ID in order to enable it for the tenant.

Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Provider and Protocol Combinations.

--vippool-ids VIP_POOL_IDs

Specifies which VIP pools are dedicated to the tenant. Specify VIP_POOL_IDs as a comma separated list of VIP pool IDs.

For example: --vippool-ids 2,5,7,19

See Providing Client Access to Tenants for more information about dedicating VIP pools to tenants and associating client IPs to a tenant.