vserver security file-directory ntfs dacl show
Display NTFS security descriptor DACL entries
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver security file-directory ntfs dacl show
command displays information about all the discretionary access control entries in the Vserver. The command output depends on the parameter or parameters specified with the command. If you do not specify any parameters, the command displays the following information about all DACL entries:
-
Vserver name
-
Security descriptor
-
List of DACL entries
You can specify the -fields
parameter to specify which fields of information to display about DACL entries.
You can specify the -instance
parameter to display all information about DACL entries in a list format.
Parameters
- {
[-fields <fieldname>,…]
-
If you specify the -fields <fieldname>, … parameter, the command only displays the fields that you specify.
- |
[-instance ]
} -
If you specify the -instance parameter, the command displays detailed information about all entries.
[-vserver <vserver name>]
- Vserver-
If you specify this parameter, the command displays information only about discretionary access control entries associated with the specified Vserver.
[-ntfs-sd <ntfs sd name>]
- NTFS Security Descriptor Name-
If you specify this parameter, the command displays information only about the discretionary access control entries for the security descriptor that you specify.
[-access-type {deny|allow}]
- Allow or Deny-
If you specify this parameter, the command displays information only about the discretionary access control entries with the access type that you specify.
[-account <name or sid>]
- Account Name or SID-
If you specify this parameter, the command displays information only about the discretionary access control entries associated with the account name or SID that you specify. You can use any of the following formats when specifying the value for this parameter:
+
* SID
* Domain\user-name
* user-name@Domain
* user-name@FQDNIf you specify any of the three user name formats for the value of -account, keep in mind that the value for the user name is case insensitive. [-rights {no-access|full-control|modify|read-and-execute|read|write}]
- Access Rights-
If you specify this parameter, the command displays information only about the discretionary access control entries with the user right that you specify. Only one value can be specified.
You can specify one of the following rights values:
-
no-access
-
full-control
-
modify
-
read-and-execute
-
read
-
write
-
[-rights-raw <Hex Integer>]
- Raw Access Rights (privilege: advanced)-
If you specify this parameter, the command displays information only about the discretionary access control entries with the advanced user rights that you specify. This value for this parameter is mutually exclusive with any other rights values. Specify the value as a hexadecimal integer, for example:
0xA10F
or0xb3ff
etc. [-advanced-rights <Advanced access right>,…]
- Advanced Access Rights-
If you specify this parameter, the command displays information only about the discretionary access control entries with the advanced user rights that you specify. You can specify more than one value by using a comma-delimited list.
You can specify one or more of the following advanced rights:
-
read-data
-
write-data
-
append-data
-
read-ea
-
write-ea
-
execute-file
-
delete-child
-
read-attr
-
write-attr
-
delete
-
read-perm
-
write-perm
-
write-owner
-
full-control
-
[-apply-to {this-folder|sub-folders|files}]
- Apply DACL Entry-
If you specify this parameter, the command displays information only about the discretionary access control entries with the -applied-to value or values that you specify. You can specify more than one value by using a comma-delimited list.
You can specify one or more of the following values:
-
this-folder
-
sub-folder
-
files
-
[-readable-access-rights <TextNoCase>]
- Access Rights-
If you specify this parameter, the command displays information only the discretionary access control entries with the readable access rights that you specify.
Examples
The following example shows information about a DACL entry.
cluster1::> vserver security file-directory ntfs dacl show Vserver: vs1 NTFS Security Descriptor Name: sd2 Account Name Access Access Apply To Type Rights -------------- ------- ------- ----------- BUILTIN\Users allow full-control this-folder, sub-folders, files CREATOR OWNER allow full-control this-folder, sub-folders, files NT AUTHORITY\SYSTEM allow full-control this-folder, sub-folders, files 3 entries were displayed.