Defining Custom RBAC Realms
We have provided the ability to define custom Role-Based Access Control (RBAC) realms.
Realms are categories of object types. They combine with permission types (create, view, edit, and delete) to form permissions that can be assigned to managers and roles. Previously, all realms were predefined. Now it is possible to create your own realms and choose which object types to include in each realm.
The following user controls have been added for this feature:
In VAST Web UI:
The Realms page (Administrators -> Realms) that lets you view, create, update and delete custom RBAC realms.
The Add Manager and Update Manager dialogs provide an option to create a new realm during the process so that you can assign the manager's permissions to that realm.
In VAST CLI, the following commands let you create and delete realms, add and remove object types from realms, change realm names, and list realm details:
realm create
realm modify
realm delete
realm list
realm show
realm assign
realm unassign
The following limitation applies:
ORION-187584: An empty realm (which does not contain any objects) cannot be assigned to a role.
VMS Password Complexity and Rotation Rules
With VAST Cluster 5.1.2, you can set password complexity requirements and define password rotation rules for VMS manager user passwords. Password complexity requirements determine the password length and whether a password has to include an uppercase letter, a lowercase letter, a number, and/or a special character. Password rotation rules determine if and when the password expires. The settings can be made globally for the cluster or per VMS manager user.
The following user controls have been added:
In VAST Web UI:
Password settings, which can be found in the new Password tab in VMS settings (Settings -> VMS -> Password).
The Add Manager and Update Manager dialogs for creating and modifying managers now feature the Password Doesn't Expire slider control that can be used to override password expiration for an individual manager.
The right-click menu for managers listed in the Administrators -> Managers page includes an option to unlock a manager in the event that the manager was locked out due to failed login attempts.
In VAST CLI:
The new vms modify-pwd-settings command to configure password settings.
The --passwords-settings option on the vms show command to show current password settings.
The following options on the manager create and manager modify commands to control password expiration and use of a temporary password:
--enable-password-expiration
--disable-password-expiration
--enable-is-temporary-password
--disable-is-temporary-password
The following limitations apply:
(RESOLVED IN 5.2.0) ORION-186672: If password expiration is disabled, a temporary password set for a VMS manager user does not expire even if the temporary password expiration options are set.
ORION-188529: A new user with a temporary password cannot display their VAST user ID independently, which makes it impossible for them to run VAST CLI commands against their VAST user, including a command to change the temporary password.