ONTAP 9.12.1 commands

  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver fpolicy policy create

    Create a policy

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The vserver fpolicy policy create command creates an FPolicy policy. You must create an FPolicy event name before creating an FPolicy policy. If you are using an external FPolicy server, you must also create an FPolicy engine before creating a policy.

    Parameters

    -vserver <Vserver Name> - Vserver

    This parameter specifies the name of the Vserver on which you want to create an FPolicy policy.

    -policy-name <Policy name> - Policy

    This parameter specifies the name of the FPolicy policy that you want to create. An FPolicy policy name can be up to 256 characters long and can contain only ASCII-range alphanumeric characters (a-z, A-Z, 0-9), "_", and ".".

    -events <Event name>,… - Events to Monitor

    This parameter specifies a list of events to monitor for the FPolicy policy. All the events in the event list should be created by the administrator of the specified Vserver or the cluster administrator. The events must already exist. Create events using the fpolicy policy event create command.

    -engine <Engine name> - FPolicy Engine

    This parameter specifies an external engine for this FPolicy policy. An external engine contains information required by the node to send notifications to an FPolicy server. The Vserver administrator of the specified Vserver or the cluster administrator creates the external engine prior to creating the FPolicy policy. If this parameter is not specified, the default native external engine is used. The native external engine is internal to Data ONTAP and is used if you want to configure native file blocking and you do not want to use an external FPolicy server.

    [-is-mandatory {true|false}] - Is Mandatory Screening Required

    This parameter specifies what action to take on a file access event when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events are denied under these circumstances. To allow file access events under these circumstances, set this parameter to false. By default, it is true.

    [-allow-privileged-access {yes|no}] - Allow Privileged Access

    This parameter specifies whether privileged access is required for FPolicy servers. Privileged access is used when the FPolicy server requires direct access to the cluster nodes. With this option set to yes, FPolicy servers can access files on the cluster using a separate data channel with privileged access. By default, it is no.

    [-privileged-user-name <text>] - User Name for Privileged Access

    This parameter specifies the privileged user name used for accessing files on the cluster over a separate data channel with privileged access. The input for this field should be in "domain\user name" format. If -allow-privileged-access is set to no, any value set for this field is ignored.

    [-is-passthrough-read-enabled {true|false}] - Is Passthrough Read Enabled

    This parameter specifies whether passthrough-read should be allowed for FPolicy servers registered for the policy. Passthrough-read is a way to read data for offline files without restoring the files to primary storage. Offline files are files that have been moved to secondary storage. If passthrough-read is enabled, the FPolicy server provides the data for the file over a separate channel instead of restoring the file to primary storage. By default, this parameter is false.

    Examples

    The following example creates an FPolicy policy.

    cluster1::> vserver fpolicy policy create -vserver vs1.example.com -policy-name vs1_pol -events cserver_evt,v1e1
              -engine native -is-mandatory true -allow-privileged-access no -is-passthrough-read-enabled false
    
    cluster1::> vserver fpolicy policy show -vserver vs1.example.com -policy-name vs1_pol
    Vserver: vs1.example.com
                        Policy Name: vs1_pol
                  Events to Monitor: cserver_evt, v1e1
                     FPolicy Engine: native
    Is Mandatory Screening Required: true
            Allow Privileged Access: no
    User Name for Privileged Access: -
        Is Passthrough Read Enabled: false
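
Added example (not part of the ONTAP documentation): a Python check that parses text in the `vserver fpolicy policy show` layout above and flags the settings this page describes as changing enforcement, namely -is-mandatory false, -allow-privileged-access yes, and values outside the documented name and user formats. The second record, the names ext_engine and svc_fpolicy, the multi-record layout, and the rule set itself are constructed assumptions for illustration.

```python
import re

# Constructed sample in the layout printed by "vserver fpolicy policy show" on this page.
SAMPLE = """\
Vserver: vs1.example.com
                    Policy Name: vs1_pol
              Events to Monitor: cserver_evt, v1e1
                 FPolicy Engine: native
Is Mandatory Screening Required: true
        Allow Privileged Access: no
User Name for Privileged Access: -
    Is Passthrough Read Enabled: false

Vserver: vs2.example.com
                    Policy Name: vs2 pol!
              Events to Monitor: v2e1
                 FPolicy Engine: ext_engine
Is Mandatory Screening Required: false
        Allow Privileged Access: yes
User Name for Privileged Access: svc_fpolicy
    Is Passthrough Read Enabled: false
"""

NAME_RE = re.compile(r"[A-Za-z0-9_.]{1,256}")   # documented -policy-name character set
USER_RE = re.compile(r"[^\\\s]+\\[^\\]+")        # documented "domain\user name" format

def parse_policies(text):
    """Split show output into one dict per policy; each record starts at 'Vserver:'."""
    policies = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Vserver":
            policies.append({})
        if sep and policies:
            policies[-1][key.strip()] = value.strip()
    return policies

def audit(policy):
    """Return review findings for one parsed policy (the rule set is this example's choice)."""
    findings = []
    if not NAME_RE.fullmatch(policy.get("Policy Name", "")):
        findings.append("policy name outside documented character set")
    if policy.get("Is Mandatory Screening Required") == "false":
        findings.append("fail-open: access allowed when no FPolicy server responds")
    if policy.get("Allow Privileged Access") == "yes":
        findings.append("privileged data channel enabled")
        if not USER_RE.fullmatch(policy.get("User Name for Privileged Access", "")):
            findings.append("privileged user not in domain\\user format")
    return findings
```

Calling `audit()` on each dict returned by `parse_policies(SAMPLE)` yields no findings for vs1_pol and four for the constructed second policy.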