
vserver security file-directory policy task modify


Modify policy tasks

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver security file-directory policy task modify command modifies a task entry in a security policy.

Note: Modifying a policy task fails if a job is currently running for the policy that contains the task.

You can unambiguously define which task to modify by specifying the following three parameters in the modify command:

  • Vserver associated with the task

  • Name of the security policy that contains the task

  • Name of the path to which the task is applied

You can modify the following parameters:

  • -ntfs-mode

  • -ntfs-sd

  • -index-num

Note: The only security type supported in this Data ONTAP release is "ntfs"; therefore, you cannot modify the -security-type parameter.

Parameters

-vserver <vserver name> - Vserver

Specifies the Vserver associated with the security policy that contains the task you want to modify.

-policy-name <Security policy name> - Policy Name

Specifies the name of the security policy that contains the task you want to modify.

-path <text> - Path

Specifies the path of the file/folder associated with the task that you want to modify.

[-index-num <integer>] - Position

Specifies the index number of a task. Tasks are applied in order. A task with a larger index value is applied after a task with a lower index number. If you do not specify this optional parameter, new tasks are applied to the end of the index list.

The range of supported values is 1 through 9999. If there is a gap between the highest existing index number and the value entered for this parameter, the task with this number is considered to be the last task in the policy and is treated as having an index number of the previous highest index plus one.

Note: If you specify an index number that is already assigned to an existing task, the command fails when you attempt to create a duplicate entry.

[-security-type {ntfs|nfsv4}] - Security Type

Specifies whether the security descriptor in the task that you want to modify should be an NTFS security descriptor type or an NFSv4 security descriptor type. Default value is ntfs.

Note: The nfsv4 security descriptor type is not supported in this release. If you specify this optional parameter, you must enter ntfs for the -security-type value.

[-ntfs-mode {propagate|ignore|replace}] - NTFS Propagation Mode

Specifies how to propagate security settings to child subfolders and files. This setting determines how child files and/or folders contained within a parent folder inherit access control and audit information from the parent folder.

You can specify one of the three parameter values that correspond to three types of propagation modes:

  • propagate - propagate inheritable permissions to all subfolders and files

  • replace - replace existing permissions on all subfolders and files with inheritable permissions

  • ignore - do not allow permissions on this file or folder to be replaced

[-ntfs-sd <ntfs sd name>,…] - NTFS Security Descriptor Name

Specifies the list of security descriptor names to apply to the path specified in the -path parameter.

Examples

The following example modifies the ntfs mode, index, and ntfs-sd parameters in the security policy task entry.

cluster1::> vserver security file-directory policy task modify -vserver vs1 -policy-name policy1 -path / -security-type ntfs -ntfs-mode propagate -ntfs-sd sd -index-num 1
cluster1::> vserver security file-directory policy task modify -vserver vs1 -policy-name policy1 -path /1 -security-type ntfs -ntfs-mode propagate -ntfs-sd sd1, sd2 -index-num 2
cluster1::> vserver security file-directory policy task show -vserver vs1 -policy-name policy1
Vserver: vs1
                Policy: policy1
                 Index    File/Folder  Access          Security   NTFS       NTFS Security
                          Path         Control         Type       Mode       Descriptor Name
                 -----    --------     --------------  ------     -----      -----------------
                 1        /            file-directory  ntfs       propagate  sd
                 2        /1           file-directory  ntfs       propagate  sd1, sd2
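
A pre-flight check for a planned change, as an added example that is not part of the original documentation or NetApp's own code: it parses policy task show output in the layout shown above and applies the -index-num, -ntfs-mode and -security-type rules stated on this page. The function names, the constructed sample text, the assumption that paths contain no spaces, and the reading of the gap rule as relative to the other tasks' highest index are assumptions.

```python
import re

NTFS_MODES = {"propagate", "ignore", "replace"}
# Constructed sample: `policy task show` output in the layout shown on this page.
SAMPLE_SHOW = """\
Vserver: vs1
  Policy: policy1
   Index    File/Folder  Access          Security   NTFS       NTFS Security
            Path         Control         Type       Mode       Descriptor Name
   -----    --------     --------------  ------     -----      -----------------
   1        /            file-directory  ntfs       propagate  sd
   2        /1           file-directory  ntfs       propagate  sd1, sd2
"""
ROW = re.compile(r"^\s*(\d+)\s+(/\S*)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")

def parse_tasks(show_output):
    """Return {path: task dict} from the task rows of the show output."""
    tasks = {}
    for line in show_output.splitlines():
        m = ROW.match(line)
        if m:
            index, path, _access, sec_type, mode, sds = m.groups()
            tasks[path] = {"index": int(index), "security_type": sec_type,
                           "ntfs_mode": mode,
                           "ntfs_sd": [s.strip() for s in sds.split(",")]}
    return tasks

def preflight_modify(tasks, path, index_num=None, ntfs_mode=None, security_type=None):
    """Check a planned modify against this page's rules; return (problems, effective_index)."""
    problems = []
    if path not in tasks:
        return ["no task for path %s in this policy" % path], None
    if security_type not in (None, "ntfs"):
        problems.append("only the ntfs security type is supported")
    if ntfs_mode is not None and ntfs_mode not in NTFS_MODES:
        problems.append("ntfs-mode must be propagate, ignore or replace")
    effective = tasks[path]["index"]
    if index_num is not None:
        others = {t["index"]: p for p, t in tasks.items() if p != path}
        if not 1 <= index_num <= 9999:
            problems.append("index-num must be 1 through 9999")
        elif index_num in others:
            problems.append("index %d already assigned to %s" % (index_num, others[index_num]))
        else:
            # Assumption: the gap rule is measured against the other tasks' highest index.
            highest = max(others, default=0)
            effective = min(index_num, highest + 1)
    return problems, effective
```

Because tasks are applied in index order, reviewing the effective index before issuing the command shows where a replace or propagate task will land relative to the other tasks in the policy.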