Prepare to manage file security and audit policies
Suggest changes
PDFs
You can manage the permissions and audit policies for files available through the SVMs within an ONTAP cluster.
Overview
ONTAP uses System Access Control Lists (SACLs) and Discretionary Access Control Lists (DACLs) to assign permissions to file objects. Beginning with ONTAP 9.9.1, the REST API includes support for managing the SACL and DACL permissions. You can use the API to automate the administration of the file security permissions. In many cases you can use a single REST API call instead of multiple CLI commands or ONTAPI (ZAPI) calls.
|
For ONTAP releases prior to 9.9.1, you can automate the administration of the SACL and DACL permissions using the CLI passthrough feature. See Migration considerations and Using the private CLI passthrough with the ONTAP REST API for more information. |
Several example workflows are available to illustrate how to manage the ONTAP file security services using the REST API. Before using the workflows and issuing any of the REST API calls, make sure to review Prepare to use the workflows.
If you use Python, also see the script file_security_permissions.py for examples of how to automate some of the file security activities.
ONTAP REST API versus ONTAP CLI commands
For many tasks, using the ONTAP REST API requires fewer calls than the equivalent ONTAP CLI commands or ONTAPI (ZAPI) calls. The table below includes a list of API calls and the equivalent the CLI commands needed for each task.
| ONTAP REST API | ONTAP CLI |
|---|---|
|
|
|
|
|
|
|
|