This command creates a tenant.
Usage
tenant create --name NAME
[--enable-privileged-domain-user-restore-access]|[--disable-privileged-domain-user-restore-access]
[--enable-privileged-domain-group-backup-access]|[--disable-privileged-domain-group-backup-access]
[--enable-privileged-domain-group-restore-access]|[--disable-privileged-domain-group-restore-access]
[--privileged-domain-user-logon-name]
[--privileged-domain-group-sid SID]
[--local-administrators-group-name NAME]
[--default-others-share-level-perm FULL|READ|CHANGE]
[--encryption-group ENCRYPTION_GROUP]
[--trash-gid TRASH_GID]
[--client-ip-ranges IP_RANGES]
[--posix-primary-provider AD|LDAP|NIS]
[--login-name-primary-provider AD|LDAP|NIS]
[--ad-provider-id ID]
[--ldap-provider-id ID]
[--nis-provider-id ID]
[--vippool-ids POOL_IDs]
[--enable-use-smb-native|--disable-use-smb-native]
Required Parameters
| Specifies a name for the tenant. |
Options
| Enables the privileged SMB user. |
| Disables the privileged SMB user. |
| Enables the privileged SMB group. |
| Disables the privileged SMB group. |
| Enables read and write control access for the privileged SMB user group. Members of the group can perform backup and restore operations on all files and directories, without requiring read or write access to the specific files and directories. |
| Disables write control access for the SMB privileged user group. If enabled (see |
| An optional custom user name for the SMB or NFSv4.1 privileged user. If not set, the user name is 'vastadmin' in the cluster's joined domain. |
| Specify a custom group SID in order to have a working SMB or NFSv4.1 privileged group with backup operator privileges. If not set, the SMB privileged group is set to the Backup Operators domain group (S-1-5-32-551), which, due to a known issue, does not receive backup operator privileges. |
| Specify a custom name for the privileged SMB group. If not specified, the privileged SMB group name is Backup Operators. |
| Sets the default 'Everyone' Group SMB share-level permission for the tenant. This default permission affects all views in which share-level ACL is disabled. For more information about SMB share-level permissions, see Share-Level ACLs. Possible values:
|
| If encryption is enabled on the cluster with external key management (EKM), enter a string identifier for the tenant's encryption group for encryption group management. You can optionally provide the same group for more than one tenant if you want to join multiple tenants to the same encryption group on the EKM. Tenants that belong to the same group will be managed by the same encryption key. Supply the group's Cloud Resource Name (CRN) identifier as Valid format: string, up to 128 characters An encryption group is required for tenant creation if EKM encryption is enabled. The encryption group cannot be changed after creating the tenant. For more information about EKM encryption, see Encryption of Data at Rest. |
| If you want to allow access to the trash folder for non-root NFSv3 users serviced by the tenant, specify this option and provide the GID of the user group that you want to use for this purpose as By default, the operation of moving files into the trash folder is supported for the root user only. |
| Specifies an array of ranges of client IPs to be served by the tenant. Specify For example: See ??? for more information about dedicating virtual IP pools to tenants and associating client IPs to a tenant. |
| Specifies one provider to take precedence over other providers in case of any conflicts between attribute values when user information is retrieved from the providers. Applicable if more than one provider is enabled (see |
| Determines which authorization provider is the primary provider for the user’s login name. Applicable if more than one provider is enabled (see |
| Select which external authorization providers should be enabled for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Authorization Providers in VAST Cluster. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Combinations of Providers and Access Protocols. |
| Specify up to one LDAP server configuration by its ID in order to enable it for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Combinations of Providers and Access Protocols. |
| Specify up to one NIS configuration by its ID in order to enable it for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Supported Combinations of Providers and Access Protocols. |
| Specifies which virtual IP pools are dedicated to the tenant. Specify For example: See ??? for more information about dedicating virtual IP pools to tenants and associating client IPs to a tenant. |
| When this option is specified, VAST Cluster authorizes client access by using user and group information supplied via Kerberos or NTLM authentication, rather than by querying that user in Active Directory. For more information, see Authentication for SMB Access. |
| Disables use of Kerberos or NTLM authentication to authorize SMB client access. This is the default setting. |
Example
vcli: admin> tenant create --name Tenant1 --client-ip-ranges 10.10.10.2,10.10.10.4 11.11.11.2,11.11.11.4
--posix-primary-provider AD --ad-provider-id 1 --nis-provider-id 1