tenant modify

This command modifies a tenant.

Usage

tenant modify --id ID
             [--enable-privileged-domain-user-restore-access]|[--disable-privileged-domain-user-restore-access]
             [--enable-privileged-domain-group-backup-access]|[--disable-privileged-domain-group-backup-access]
             [--enable-privileged-domain-group-restore-access]|[--disable-privileged-domain-group-restore-access]
             [--privileged-domain-user-logon-name]             
             [--privileged-domain-group-sid SID]
             [--local-administrators-group-name NAME]
             [--default-others-share-level-perm FULL|READ|CHANGE]
             [--trash-gid TRASH_GID]
             [--client-ip-ranges IP_RANGES]
             [--posix-primary-provider AD|LDAP|NIS]
             [--login-name-primary-provider AD|LDAP|NIS]
             [--ad-provider-id ID]
             [--detach-ad-provider]
             [--ldap-provider-id ID]
             [--detach-ldap-provider]
             [--nis-provider-id ID]
             [--detach-nis-provider]
             [--enable-use-smb-native|--disable-use-smb-native]
             [--enable-require-smb-signing|--disable-require-smb-signing]
             [--enable-nfs-v4.2]|[--disable-nfs-v4.2]
             [--local-provider-id ID]
             [--preferred-owning-group PROTOCOL_BASED|POSIX_GID]
             [--allowed-delegations READ|WRITE|READ_WRITE|NONE]
             [--enable-grant-unrequested-delegations-by-default|--disable-grant-unrequested-delegations-by-default]
             [--smb-encryption-state OFF|AVAILABLE|DESIRED|REQUIRED]
             [--max-views MAX]
             [--capacity-rules CAPACITY_RULES]
             [--static-limits STATIC_LIMITS|--reset-static-limits]

Required Parameters

--id ID

Specifies which tenant to modify.

Options

`--enable-privileged-domain-user-restore-access`	Enables the privileged SMB user.
`--disable-privileged-domain-user-restore-access`	Disables the privileged SMB user.
`--enable-privileged-domain-group-backup-access`	Enables the privileged SMB group.
`--disable-privileged-domain-group-backup-access`	Disables the privileged SMB group.
`--enable-privileged-domain-group-restore-access`	Enables read and write control access for the privileged SMB user group. Members of the group can perform backup and restore operations on all files and directories, without requiring read or write access to the specific files and directories.
`--disable-privileged-domain-group-restore-access`	Disables write control access for the SMB privileged user group. If enabled (see `--enable-privileged-domain-group-backup-access`), the group has read control access. Members of the group can perform backup operations on all files and directories without requiring read access to the specific files and directories. They cannot perform restore operations without write access to the specific files and directories.
`--privileged-domain-user-logon-name PRIVILEGED_USER_NAME`	An optional custom user name for the SMB or NFSv4.1 privileged user. If not set, the user name is 'vastadmin' in the cluster's joined domain'.
`--privileged-domain-group-sid PRIVILEGED_DOMAIN_GROUP_SID`	Specify a custom group SID in order to have a working SMB or NFSv4.1 privileged group with backup operator privileges. If not set, the SMB privileged group is set to the Backup Operators domain group (S-1-5-32-551), which, due to a known issue, does not receive backup operator privileges.
`--local-administrators-group-name GROUP_NAME`	Specify a custom name for the privileged SMB group. If not specified, the privileged SMB group name is Backup Operators.
`--default-others-share-level-perm FULL\|READ\|CHANGE`	Sets the default 'Everyone' Group SMB share-level permission for the tenant. This default permission affects all views in which share-level ACL is disabled. For more information about SMB share-level permissions, see Share-Level ACLs. Share-Level ACLs Possible values: `FULL` (default). Grants all SMB users full control share-level access to views that have Share-level ACL disabled. `READ`. Grants all SMB users read share-level access to views that have Share-level ACL disabled. `CHANGE`. Grants all SMB users change share-level access to views that have Share-level ACL disabled.
`--trash-gid TRASH_GID`	If you want to allow access to the trash folder for non-root NFSv3 users serviced by the tenant, specify this option and provide the GID of the user group that you want to use for this purpose as `TRASH_GID`. Users who belong to this group will have permission to move files into the trash folder. By default, the operation of moving files into the trash folder is supported for the root user only.
`--client-ip-ranges IP_RANGES`	Specifies an array of ranges of client IPs to be served by the tenant. Specify `IP_RANGES` as an array where ranges are separated by spaces and the start and end IP of each range is separated by a comma. For example: `10.10.10.2,10.10.10.4 2022:3::69:1337:420:8153,2022:3::69:1337:420:8200` See Overview of Tenants for more information about dedicating virtual IP pools to tenants and associating client IPs to a tenant.Overview of Tenants
`--posix-primary-provider AD\|LDAP\|NIS`	Specifies one provider to take precedence over other providers in case of any conflicts between attribute values when user information is retrieved from the providers. Applicable if more than one provider is enabled (see `--ad-provider-id`, `--ldap-provider-id`, `nis-provider-id`)
`--login-name-primary-provider AD\|LDAP\|NIS`	Determines which authorization provider is the primary provider for the user’s login name. Applicable if more than one provider is enabled (see `--ad-provider-id`, `--ldap-provider-id`, `nis-provider-id`).
`--ad-provider-id ID`	Specify up to one Active Directory configuration by its ID in order to enable it for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Authorization Providers in VAST Cluster. Authorization Providers in VAST Cluster
`--detach-ad-provider`	Detaches a previously connected Active Directory provider from the tenant.
`--ldap-provider-id ID`	Specify up to one LDAP server configuration by its ID in order to enable it for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Authorization Providers in VAST Cluster. Authorization Providers in VAST Cluster
`--detach-ldap-provider`	Detaches a previously connected LDAP provider from the tenant.
`--nis-provider-id ID`	Specify up to one NIS configuration by its ID in order to enable it for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Authorization Providers in VAST Cluster. Authorization Providers in VAST Cluster
`--detach-nis-provider`	Detaches a previously connected NIS provider from the tenant.
`--enable-use-smb-native`	When this option is specified, VAST Cluster authorizes client access by using user and group information supplied via Kerberos or NTLM authentication, rather than by querying that user in Active Directory. For more information, see Authentication for SMB Access.Authentication for SMB Access
`--disable-use-smb-native`	Disables use of Kerberos or NTLM authentication to authorize SMB client access. This is the default setting. Note After you disable use of Kerberos/NTLM Authentication to authorize users from non-trusting domains, users that previously had access, would still have access although the feature is now disabled.
`--enable-require-smb-signing`	When specified, SMB clients are required to sign SMB requests. SMB requests with missing or invalid signatures are not accepted.
`--disable-require-smb-signing`	When specified, SMB clients are not required to sign SMB requests.
`--enable-nfs-v4.2`	Enables support of NFS version 4.2 for this tenant. Tip Specify this option if you want to let your clients use the NFSv4.2 Security Labels capability.NFSv4.2 Security Labels
`--disable-nfs-v4.2`	Disables support of NFS version 4.2 for this tenant.
`--local-provider-id ID`	Specifies a local provider with which the tenant is associated.
`--preferred-owning-group PROTOCOL_BASED\|POSIX_GID`	Controls the way VAST Cluster sets the owning group when creating files on a view controlled with the SMB and Mixed Last Wins security flavor: `PROTOCOL_BASED` (default): The owning group is determined based on the access protocol: For SMB, the `primaryGroupID` of the user For NFS, the POSIX GID of the user `POSIX_GID`: The owning group is determined based on the POSIX GID of the user.
`--smb-encryption-state OFF\|AVAILABLE\|DESIRED\|REQUIRED`	Enables/disables SMB encryption for the tenant, and also sets the encryption protection level: `OFF`: SMB encryption is disabled. `AVAILABLE`: Encryption is used only for SMB clients which have requested it explicitly. For clients that do not support encryption, access is allowed but no encryption is used. `DESIRED`: The cluster uses encryption for any SMB client that supports encryption. For clients that do not support encryption, access is allowed but no encryption is used. `REQUIRED`: SMB clients that do not support encryption are denied access.
`--max-views MAX`	Set the maximum number of views the tenant can have to MAX. A value of 0 indicates unlimited views. Default: 0

NFSv4 File Delegation Options

--allowed-delegations READ|WRITE|READ_WRITE|NONE

Enables NFSv4 file delegations for the tenant and specifies the type of NFSv4 file delegations that the cluster can grant to a client opening a file: read, write, or both. A value of NONE (default) disables NFSv4 file delegations.

Valid values: READ, WRITE, READ_WRITE, NONE.

--enable-grant-unrequested-delegations-by-default

If specified, the cluster grants the allowed delegations even when the client does not explicitly request a delegation. This is the default behavior.

--disable-grant-unrequested-delegations-by-default

If specified, the cluster does not grant the allowed delegations to clients that do not explicitly request a delegation.

Capacity and Performance Limits (QoS)

Note
With VAST Cluster 5.4, block protocol operations are not subject to tenant's capacity and performance limitations.

--capacity-rules CAPACITY_RULES

Enables and sets capacity limits for the tenant.

Specify CAPACITY_LIMITS as a comma-separated list of key=value pairs, where the following keys can be used:

soft_limit. A soft limit for the maximum allowed used capacity (GB).
hard_limit. A hard limit for the maximum allowed used capacity (GB).

For example:

soft_limit=1024,hard_limit=2048

--static-limits STATIC_LIMITS

Enables and sets static performance limits for the tenant.

Specify STATIC_LIMITS as a comma-separated list of key=value pairs.

max_reads_bw_mbps. Maximum read bandwidth to provision, in MB/s.
max_reads_iops. Maximum read IOPS to provision.
max_writes_bw_mbps. Maximum write bandwidth to provision, in MB/s.
max_writes_iops. Maximum write IOPS to provision.
burst_reads_bw_mb. Burst bandwidth for read operations, in MB/s.
burst_reads_iops. Burst IOPS for read operations.
burst_reads_loan_mb. Maximum credit bandwidth for read operations, in MB/s.
burst_reads_loan_iops. Maximum credit IOPS for read operations.
burst_writes_bw_mb. Burst bandwidth for write operations, in MB/s.
burst_writes_iops. Burst IOPS for write operations.
burst_writes_loan_mb. Maximum credit bandwidth for write operations, in MB/s.
burst_writes_loan_iops. Maximum credit IOPS for write operations.

For example:

max_reads_bw_mbps=1024,max_writes_iops=2048

--reset-static-limits

Disables static performance limits for the tenant.

Example

vcli: admin> tenant modify --id 3 --client-ip-ranges 10.10.10.1,10.10.10.9 10.10.10.200,10.10.10.240 --detach-ad-provider --ldap-provider-id 2