vserver security file-directory policy create
Create a file security policy
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
vserver security file-directory policy create command creates a security policy for a Vserver. A policy acts as a container for various tasks where each task is a single entry that can be applied to a file/folder.
Creating a security policy is the third step in configuring and applying security ACLs to a file or folder. You will later add tasks to the security policy.
|You cannot modify a security policy. If you want to apply a policy with the same settings to a different Vserver, you must create a new policy with the same configuration and apply it to the desired Vserver.|
The steps to creating and applying NTFS ACLs are the following:
Create an NTFS security descriptor.
Add DACLS and SACLS to the NTFS security descriptor.
|If you want to audit file and directory events, you must configure auditing on the Vserver in addition to adding SACLs to the security descriptor.|
Create a file/directory security policy.
This step associates the policy with a Vserver.
* Create policy tasks.
A policy task refers to a single operation to apply to a file (or folder) or to a set of files (or folders). Amongst other things, the task defines which security descriptor to apply to a path.
* Apply a policy to the associated Vserver.
vserver security file-directory policy create command is not supported for Vservers with Infinite Volume.
-vserver <vserver name>- Vserver
Specifies the name of the Vserver on which to create the security policy.
-policy-name <Security policy name>- Policy Name
Specifies the name of the security policy.
The following example creates a security policy named “policy1” on Vserver vs1.
cluster1::> vserver security file-directory policy create -policy-name policy1 -vserver vs1 cluster1::> vserver security file-directory policy show Vserver Policy Name ------------ -------------- vs1 policy1