tenant modify

--id ID

Specifies which tenant to modify.

--enable-privileged-domain-user-restore-access

Enables the privileged SMB user.

--disable-privileged-domain-user-restore-access

Disables the privileged SMB user.

--enable-privileged-domain-group-backup-access

Enables the privileged SMB group.

--disable-privileged-domain-group-backup-access

Disables the privileged SMB group.

--enable-privileged-domain-group-restore-access

Enables read and write control access for the privileged SMB user group. Members of the group can perform backup and restore operations on all files and directories, without requiring read or write access to the specific files and directories.

--disable-privileged-domain-group-restore-access

Disables write control access for the SMB privileged user group. If enabled (see --enable-privileged-domain-group-backup-access), the group has read control access. Members of the group can perform backup operations on all files and directories without requiring read access to the specific files and directories. They cannot perform restore operations without write access to the specific files and directories.

--privileged-domain-user-logon-name PRIVILEGED_USER_NAME

An optional custom user name for the SMB or NFSv4.1 privileged user. If not set, the user name is 'vastadmin' in the cluster's joined domain'.

--privileged-domain-group-sid PRIVILEGED_DOMAIN_GROUP_SID

Specify a custom group SID in order to have a working SMB or NFSv4.1 privileged group with backup operator privileges. If not set, the SMB privileged group is set to the Backup Operators domain group (S-1-5-32-551), which, due to a known issue, does not receive backup operator privileges.

--local-administrators-group-name GROUP_NAME

Specify a custom name for the privileged SMB group. If not specified, the privileged SMB group name is Backup Operators.

--default-others-share-level-perm FULL|READ|CHANGE

Sets the default 'Everyone' Group SMB share-level permission for the tenant. This default permission affects all views in which share-level ACL is disabled.

For more information about SMB share-level permissions, see Share-Level ACLs.  Share-Level ACLs

Possible values:

--trash-gid TRASH_GID

If you want to allow access to the  trash folder for non-root NFSv3 users serviced by the tenant, specify this option and provide the GID of the user group that you want to use for this purpose as TRASH_GID. Users who belong to this group will have permission to move files into the trash folder.  Trash Folder (for Rapid Parallel File Deletion)

By default, the operation of moving files into the trash folder is supported for the root user only.

--client-ip-ranges IP_RANGES

Specifies an array of ranges of client IPs to be served by the tenant. Specify IP_RANGES as an array where ranges are separated by spaces and the start and end IP of each range is separated by a comma.

For example: 10.10.10.2,10.10.10.4 2022:3::69:1337:420:8153,2022:3::69:1337:420:8200

See ??? for more information about dedicating virtual IP pools to tenants and associating client IPs to a tenant.

--posix-primary-provider AD|LDAP|NIS

Specifies one provider to take precedence over other providers in case of any conflicts between attribute values when user information is retrieved from the providers.

Applicable if more than one provider is enabled (see --ad-provider-id, --ldap-provider-id, nis-provider-id)

--login-name-primary-provider AD|LDAP|NIS

Determines which authorization provider is the primary provider for the user’s login name.

Applicable if more than one provider is enabled (see --ad-provider-id, --ldap-provider-id, nis-provider-id).

--ad-provider-id ID

Specify up to one Active Directory configuration by its ID in order to enable it for the tenant.

Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Authorization Providers in VAST Cluster.  Authorization Providers in VAST Cluster

--detach-ad-provider

Detaches a previously connected Active Directory provider from the tenant.  

--ldap-provider-id ID

Specify up to one LDAP server configuration by its ID in order to enable it for the tenant.

Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Authorization Providers in VAST Cluster.  Authorization Providers in VAST Cluster

--detach-ldap-provider

Detaches a previously connected LDAP provider from the tenant.

--nis-provider-id ID

Specify up to one NIS configuration by its ID in order to enable it for the tenant.

Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Authorization Providers in VAST Cluster.  Authorization Providers in VAST Cluster

--detach-nis-provider

Detaches a previously connected NIS provider from the tenant.

--vippool-ids POOL_IDs

Specifies which virtual IP pools are dedicated to the tenant. Specify POOL_IDs as a comma separated list of virtual IP pool IDs.

For example: --vippool-ids 2,5,7,19

See ???  for more information about dedicating virtual IP pools to tenants and associating client IPs to a tenant.

--enable-use-smb-native

When this option is specified, VAST Cluster  authorizes client access by using user and group information supplied  via Kerberos or NTLM authentication, rather than by querying that user  in Active Directory. For more information, see Authentication for SMB Access.Authentication for SMB Access

--disable-use-smb-native

Disables use of Kerberos or NTLM authentication to authorize SMB client access. This is the default setting.

Note

After you disable use of Kerberos/NTLM Authentication to authorize users from non-trusting domains, users that previously had access, would still have access although the feature is now disabled.

--enable-require-smb-signing

When specified, SMB clients are required to sign SMB requests. SMB requests with missing or invalid signatures are not accepted.

--disable-require-smb-signing

When specified, SMB clients are not required to sign SMB requests.

--enable-nfs-v4.2

Enables support of NFS version 4.2 for this tenant.

Tip

Specify this option if you want to let your clients use the NFSv4.2 Security Labels capability.

--disable-nfs-v4.2

Disables support of NFS version 4.2 for this tenant.

--preferred-owning-group PROTOCOL_BASED|POSIX_GID

Controls the way VAST Cluster sets the owning group when creating files on a view controlled with the SMB and Mixed Last Wins security flavor: