
Configure NTFS file permissions using the ONTAP CLI

Contributors netapp-ahibbard netapp-mdavidson

You can configure NTFS file permissions on files and directories using the ONTAP CLI. This enables you to configure NTFS file permissions without needing to connect to the data using an SMB share on a Windows client.

You can configure NTFS file permissions by adding entries to NTFS discretionary access control lists (DACLs) that are associated with an NTFS security descriptor. The security descriptor is then applied to NTFS files and directories.

Using the command line, you can configure only NTFS file permissions. You cannot configure NFSv4 ACLs by using the CLI.

Steps
  1. Create an NTFS security descriptor.

    vserver security file-directory ntfs create -vserver svm_name -ntfs-sd ntfs_security_descriptor_name -owner owner_name -group primary_group_name -control-flags-raw raw_control_flags

  2. Add DACL entries to the NTFS security descriptor.

    vserver security file-directory ntfs dacl add -vserver svm_name -ntfs-sd ntfs_security_descriptor_name -access-type {deny|allow} -account account_name -rights {no-access|full-control|modify|read-and-execute|read|write} -apply-to {this-folder|sub-folders|files}

  3. Create a file/directory security policy.

    vserver security file-directory policy create -vserver svm_name -policy-name policy_name
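
The three steps above with the placeholders filled in, as an added example that is not part of the original NetApp page. The `cluster1::>` prompt, the SVM `vs1`, the descriptor and policy names, and the `EXAMPLE\...` accounts are all constructed; `-control-flags-raw` is left out on the assumption that the default control flags are acceptable.

```text
cluster1::> vserver security file-directory ntfs create -vserver vs1 -ntfs-sd sd_engineering -owner EXAMPLE\eng-admin -group EXAMPLE\eng-staff

cluster1::> vserver security file-directory ntfs dacl add -vserver vs1 -ntfs-sd sd_engineering -access-type allow -account EXAMPLE\eng-staff -rights read-and-execute -apply-to this-folder

cluster1::> vserver security file-directory ntfs dacl add -vserver vs1 -ntfs-sd sd_engineering -access-type deny -account EXAMPLE\contractor1 -rights write -apply-to this-folder

cluster1::> vserver security file-directory policy create -vserver vs1 -policy-name policy_engineering
```

Granting the group `read-and-execute` rather than `full-control` or `modify`, and adding a separate `deny` entry only for the one account that must not write, keeps the descriptor close to least privilege and makes each entry easy to review.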