vserver security file-directory policy create
Create a file security policy
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver security file-directory policy create
command creates a security policy for a Vserver. A policy acts as a container for various tasks where each task is a single entry that can be applied to a file/folder.
Creating a security policy is the third step in configuring and applying security ACLs to a file or folder. You will later add tasks to the security policy.
You cannot modify a security policy. If you want to apply a policy with the same settings to a different Vserver, you must create a new policy with the same configuration and apply it to the desired Vserver. |
The steps to creating and applying NTFS ACLs are the following:
-
Create an NTFS security descriptor.
-
Add DACLS and SACLS to the NTFS security descriptor.
If you want to audit file and directory events, you must configure auditing on the Vserver in addition to adding SACLs to the security descriptor. |
-
Create a file/directory security policy.
This step associates the policy with a Vserver.
* Create policy tasks.
A policy task refers to a single operation to apply to a file (or folder) or to a set of files (or folders). Amongst other things, the task defines which security descriptor to apply to a path.
* Apply a policy to the associated Vserver.
Parameters
-vserver <vserver name>
- Vserver-
Specifies the name of the Vserver on which to create the security policy.
-policy-name <Security policy name>
- Policy Name-
Specifies the name of the security policy.
Examples
The following example creates a security policy named “policy1” on Vserver vs1.
cluster1::> vserver security file-directory policy create -policy-name policy1 -vserver vs1 cluster1::> vserver security file-directory policy show Vserver Policy Name ------------ -------------- vs1 policy1