ONTAP 9.14.1 commands

vserver security file-directory policy create

Create a file security policy

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.


The vserver security file-directory policy create command creates a security policy for a Vserver. A policy acts as a container for various tasks where each task is a single entry that can be applied to a file/folder.

Creating a security policy is the third step in configuring and applying security ACLs to a file or folder. You will later add tasks to the security policy.

You cannot modify a security policy. If you want to apply a policy with the same settings to a different Vserver, you must create a new policy with the same configuration and apply it to the desired Vserver.

The steps to creating and applying NTFS ACLs are the following:

  • Create an NTFS security descriptor.

  • Add DACLS and SACLS to the NTFS security descriptor.

If you want to audit file and directory events, you must configure auditing on the Vserver in addition to adding SACLs to the security descriptor.
  • Create a file/directory security policy.

This step associates the policy with a Vserver.

  • Create policy tasks.

A policy task refers to a single operation to apply to a file (or folder) or to a set of files (or folders). Amongst other things, the task defines which security descriptor to apply to a path.

  • Apply a policy to the associated Vserver.


-vserver <vserver name> - Vserver

Specifies the name of the Vserver on which to create the security policy.

-policy-name <Security policy name> - Policy Name

Specifies the name of the security policy.


The following example creates a security policy named “policy1” on Vserver vs1.

cluster1::> vserver security file-directory policy create -policy-name policy1 -vserver vs1
            cluster1::> vserver security file-directory policy show
Vserver          Policy Name
               ------------     --------------
               vs1              policy1
Top of Page