ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver security file-directory apply

    Apply security descriptors on files and directories defined in a policy to a Vserver

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    The vserver security file-directory apply command applies security settings to files and directories defined in a security policy of a Vserver.

    Applying a security policy to a Vserver is the last step to creating and applying NTFS ACLs to files or folders. A security policy contains definitions for the security configuration of a file (or folder) or set of files (or, folders). The policy is a container for tasks. A task associates a file/folder path name to the security descriptor that needs to be set on the file/folder. Every task in a policy is uniquely identified by the file/folder path. A policy cannot have duplicate task entries. There can be only one task per path.

    The steps to creating and applying NTFS ACLs are the following:

    • Create an NTFS security descriptor.

    • Add DACLs and SACLs to the NTFS security descriptor.

    If you want to audit file and directory events, you must configure auditing on the Vserver in addition to adding the SACL to the security descriptor.
    • Create a file/directory security policy.

    This step associates the policy with a Vserver.
    * Create policy tasks.

    A policy task refers to a single operation to apply to a file (or folder) or to a set of files (or folders). Amongst other things, the task defines which security descriptor to apply to a path.
    * Apply a policy to the associated Vserver.

    Parameters

    -vserver <vserver name> - Vserver

    Specifies the Vserver that contains the path to which the security policy is applied.

    -policy-name <Security policy name> - Policy Name

    Specifies the security policy to apply.

    [-ignore-broken-symlinks {true|false}] - Skip Broken Symlinks

    If you specify this parameter as true , the file-directory apply job will skip all the symlinks that are broken instead of failing the job.

    Examples

    The following example applies a security policy named “p1” to Vserver vs0.

    cluster1::> vserver security file-directory apply -vserver vs0 -policy-name p1
    Top of Page