This command creates a tenant.
tenant create --name NAME [--enable-privileged-domain-user-restore-access]|[--disable-privileged-domain-user-restore-access] [--enable-privileged-domain-group-backup-access]|[--disable-privileged-domain-group-backup-access] [--enable-privileged-domain-group-restore-access]|[--disable-privileged-domain-group-restore-access] [--privileged-domain-user-logon-name] [--privileged-domain-group-sid SID] [--local-administrators-group-name NAME] [--default-others-share-level-perm FULL|READ|CHANGE] [--encryption-crn ENCRYPTION_CRN] [--trash-gid TRASH_GID] [--client-ip-ranges IP_RANGES] [--posix-primary-provider AD|LDAP|NIS] [--ad-provider-id ID] [--ldap-provider-id ID] [--nis-provider-id ID] [--vippool-ids VIP_POOL_IDs]
|
Enables the privileged SMB user. |
|
Disables the privileged SMB user. |
|
Enables the privileged SMB group. |
|
Disables the privileged SMB group. |
|
Enables read and write control access for the privileged SMB user group. Members of the group can perform backup and restore operations on all files and directories, without requiring read or write access to the specific files and directories. |
|
Disables write control access for the SMB privileged user group. If enabled (see |
|
Specifies a custom user name for the SMB privileged user. If not set, the user name is 'vastadmin'. |
|
Specify a custom SID for the privileged SMB group. If not specified, the privileged SMB group SID is the Backup Operators domain group SID (S-1-5-32-551). |
|
Specify a custom name for the privileged SMB group. If not specified, the privileged SMB group name is Backup Operators. |
|
Sets the default 'Everyone' Group SMB share-level permission for the tenant. This default permission affects all views in which share-level ACL is disabled. For more information about SMB share-level permissions, see Share-Level ACLs. Possible values:
|
|
If encryption is enabled on the cluster with External Key Management (EKM), use this option to provide the identifier for the tenant's encryption group on the connected EKM provider. You can optionally provide the same CRN for more than one tenant if you want to join multiple tenants to the same encryption group on the EKM. Supply the identifier as Encryption CRN is required for tenant creation if EKM encryption is enabled. The encryption CRN cannot be changed after creating the tenant. For more information about EKM encryption, see Encryption of Data at Rest. |
|
If you want to allow access to the trash folder for non-root NFSv3 users serviced by the tenant, specify this option and provide the GID of the user group that you want to use for this purpose as By default, the operation of moving files into the trash folder is supported for the root user only. |
|
Specifies an array of ranges of client IPs to be served by the tenant. Specify For example: See Providing Client Access to Tenants for more information about dedicating VIP pools to tenants and associating client IPs to a tenant. |
|
Specifies one provider to take precedence over other providers in case of any conflicts between attribute values when user information is retrieved from the providers. Applicable if more than one provider is enabled (see |
|
Select which external authorization providers should be enabled for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Provider and Protocol Combinations. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Provider and Protocol Combinations. |
|
Specify up to one LDAP server configuration by its ID in order to enable it for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Provider and Protocol Combinations. |
|
Specify up to one NIS configuration by its ID in order to enable it for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Provider and Protocol Combinations. |
|
Specifies which VIP pools are dedicated to the tenant. Specify For example: See Providing Client Access to Tenants for more information about dedicating VIP pools to tenants and associating client IPs to a tenant. |
vcli: admin> tenant create --name Tenant1 --client-ip-ranges 10.10.10.2,10.10.10.4 11.11.11.2,11.11.11.4 --posix-primary-provider AD --ad-provider-id 1 --nis-provider-id 1
Comments
0 comments
Article is closed for comments.