Adding a task to the security policy

Creating and adding a policy task to a security policy is the fourth step in configuring and applying ACLs to files or folders in SVMs. When you create the policy task, you associate the task with a security policy. You can add one or more task entries to a security policy.

About this task

The security policy is a container for a task. A task refers to a single operation that can be done by a security policy to files or folders with NTFS or mixed security (or to a volume object if configuring Storage-Level Access Guard).

There are two types of tasks:

A task contains definitions for the security configuration of a file (or folder) or set of files (or folders). Every task in a policy is uniquely identified by the path. There can be only one task per path within a single policy. A policy cannot have duplicate task entries.

Guidelines for adding a task to a policy:

You can customize the security descriptor configuration by using the following optional parameters:

The value for any optional parameter is ignored for Storage-Level Access Guard. See the man pages for more information.


  1. Add a task with an associated security descriptor to the security policy: vserver security file-directory policy task add -vserver vserver_name -policy-name policy_name -path path -ntfs-sd SD_name optional_parameters
    file-directory is the default value for the -access-control parameter. Specifying the access control type when configuring file and directory access tasks is optional.
    vserver security file-directory policy task add -vserver vs1 -policy-name policy1 -path /home/dir1 -security-type ntfs -ntfs-mode propagate -ntfs-sd sd2 -index-num 1 -access-control file-directory
  2. Verify the policy task configuration: vserver security file-directory policy task show -vserver vserver_name -policy-name policy_name -path path
    vserver security file-directory policy task show
    Vserver: vs1
    Policy: policy1
    Index    File/Folder    Access           Security   NTFS       NTFS Security
             Path           Control          Type       Mode       Descriptor Name
    -----    --------       -----------      --------   ------     ----------------
    1        /home/dir1     file-directory   ntfs       propagate  sd2