Secure Snapshots Configuration and Management

As discussed in the previous article in this series, OneFS Secure Snapshots are designed to ensure the immutability of snapshots and safeguard them against accidental or malicious modification or deletion. Beyond protecting the snapshots themselves, the multi-party authorization requirement also secures the associated snapshot schedules. These schedules are critical for generating future snapshots, and any tampering – such as altering the frequency or disabling them entirely – could result in unintended consequences, including excessive snapshot creation that strains cluster resources or a complete halt in snapshot generation.

Once the cluster is committed to OneFS 9.12, snapshots are licensed, and two or more approval admins have been configured, multi-party authorization (MPA) can be enabled. This preparatory work is covered in depth in this MPA configuration article. MPA can be enabled from the WebUI under Access > Multi-Party Authorization > Settings:

Or via the CLI with the following command syntax:

# isi mpa settings global modify --enable true

The general flow of Secure Snapshot privileged command execution is as follows:

Once MPA is activated, requests for Secure Snapshot deletion and other privileged actions are blocked pending approval.

As such, an attempt to delete a secure snapshot generates a warning, and the action is suspended until approved by an authorized user. For example:

Or from the CLI:

# isi snapshot list
ID    Name                                          Path
-----------------------------------------------------------------------------
40    Snapshot:2025July21.2:44PM                    /ifs/data
42    SIQ-8b30297763c5db7307e2d84504839c25-new      /ifs/data/zone1

# isi snapshot delete 40
Are you sure? (yes/[no]): yes
Delete Snapshot is a privileged action. A request paareqa99439a172d09999 to perform this action is pending approval. Check Multi-Party Authorization to view the status of the request.

Details of the requested snapshot privileged action can be viewed as follows:

Similarly, from the CLI:

# isi mpa requests view --id=paareqa99439a172d09999
ID: paareqa99439a172d09999
Action: delete_snapshot
Action Payload: -
Created By: MPA
Last Update Time: 2025-07-21T14:44:56
Resource IDs: 40
Resource Type: snapshot
Service: snapshot
Status: pending
Request For: 0
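The request record identifies its target only by resource ID, so an approver has to look up which snapshot that is before approving. The following Python is an added example, not part of the original article or of OneFS: it joins the two CLI outputs shown above (pasted in as constructed samples) and reports the snapshot name and path behind a pending request. The function names are hypothetical, and it assumes snapshot names contain no whitespace and that multiple resource IDs are comma- or space-separated.

```python
import re

# Constructed sample inputs: the CLI output shown in this article, pasted in.
SNAPSHOT_LIST = """\
ID   Name                                          Path
-----------------------------------------------------------------------------
40    Snapshot:2025July21.2:44PM                        /ifs/data
42    SIQ-8b30297763c5db7307e2d84504839c25-new      /ifs/data/zone1
"""

MPA_REQUEST = """\
ID: paareqa99439a172d09999
Action: delete_snapshot
Action Payload: -
Created By: MPA
Last Update Time: 2025-07-21T14:44:56
Resource IDs: 40
Resource Type: snapshot
Service: snapshot
Status: pending
Request For: 0
"""

ROW = re.compile(r"\s*(\d+)\s+(\S+)\s+(/\S*)\s*$")  # ID, name, path

def parse_request(text):
    """Parse the 'Key: value' lines of `isi mpa requests view` into a dict."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep and k.strip()}

def parse_snapshots(text):
    """Map snapshot ID -> (name, path) from `isi snapshot list` rows."""
    # Assumption: snapshot names contain no whitespace, as in the sample.
    rows = (ROW.match(line) for line in text.splitlines())
    return {m.group(1): (m.group(2), m.group(3)) for m in rows if m}

def review_summary(request_text, snapshot_text):
    """List (request, action, snap ID, name, path) for a pending snapshot request."""
    req, snaps = parse_request(request_text), parse_snapshots(snapshot_text)
    if req.get("Status") != "pending" or req.get("Resource Type") != "snapshot":
        return []
    # Assumption: multiple resource IDs are comma- or space-separated.
    ids = re.split(r"[,\s]+", req.get("Resource IDs", "").strip())
    return [(req["ID"], req["Action"], i, *snaps.get(i, ("UNKNOWN", "UNKNOWN")))
            for i in ids if i]

if __name__ == "__main__":
    for row in review_summary(MPA_REQUEST, SNAPSHOT_LIST):
        print("request %s: %s on snapshot %s (%s, %s)" % row)
```

A resource ID that no longer appears in the snapshot list is reported as UNKNOWN rather than dropped, which is the case an approver should question before approving.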

Assuming they sanction the privileged action, the authorizer(s) grant approval for the snapshot deletion, or other privileged action.

This is achieved by clicking the ‘Approve’ button for the pending request, under Access > Multi-Party Authorization > Requests:

The authorizer is then prompted for their TOTP security authorization code as part of the approval process:

Or via the CLI:

# isi mpa requests list

# isi mpa requests approve <id> <comment> <approved> --totp-code <******> --approval-valid-before <timestamp> --zone <zone>

Once approval has been granted, the privileged snapshot operation can complete as expected.

The WebUI reports a successful approval status as follows:

Or from the CLI:

# isi mpa requests approve --approved=true --id=paareqa99439a172d09999 --comment=approved
totp_code: xxxxxx
Request paareqa99439a172d09999 has been approved successfully.

# isi snapshot delete 40
Are you sure? (yes/[no]): yes

# isi snapshot list
ID    Name                                          Path
-----------------------------------------------------------------------------
42    SIQ-8b30297763c5db7307e2d84504839c25-new      /ifs/data/zone1

It’s worth noting that snapshot schedules will only generate secure snapshots if they are configured to create snaps with expiration dates. For example:

It’s also important to note that the new Secure Snapshots feature in OneFS 9.12 is designed to complement, rather than replace, the existing SnapshotIQ locking mechanism, which is managed via the ‘isi snapshot locks’ CLI command set.

| Feature | Availability | Authorization | Description |
| --- | --- | --- | --- |
| Secure snapshots | OneFS 9.12 and later | Multiple approvers | One or more additional approvers must authorize snapshot privileged action. |
| SnapshotIQ locks | OneFS 7.0 and later | Single approver | A single administrator can configure and manage snapshot locks. |

Secure Snapshots operate independently and do not interfere with the creation, removal, or behavior of traditional SnapshotIQ locks. This topic will be covered in more depth in the next article in this series.
