Skip to main content
ONTAP commands
A newer release of this product is available.

vserver security file-directory policy create

Contributors
Suggest changes
PDFs

Create a file security policy

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver security file-directory policy create command creates a security policy for a Vserver. A policy acts as a container for various tasks where each task is a single entry that can be applied to a file/folder.

Creating a security policy is the third step in configuring and applying security ACLs to a file or folder. You will later add tasks to the security policy.

Note You cannot modify a security policy. If you want to apply a policy with the same settings to a different Vserver, you must create a new policy with the same configuration and apply it to the desired Vserver.

The steps to creating and applying NTFS ACLs are the following:

  • Create an NTFS security descriptor.

  • Add DACLS and SACLS to the NTFS security descriptor.

Note If you want to audit file and directory events, you must configure auditing on the Vserver in addition to adding SACLs to the security descriptor.

  • Create a file/directory security policy.

This step associates the policy with a Vserver.
* Create policy tasks.

A policy task refers to a single operation to apply to a file (or folder) or to a set of files (or folders). Amongst other things, the task defines which security descriptor to apply to a path.
* Apply a policy to the associated Vserver.

Parameters

-vserver <vserver name> - Vserver

Specifies the name of the Vserver on which to create the security policy.

-policy-name <Security policy name> - Policy Name

Specifies the name of the security policy.

Examples

The following example creates a security policy named “policy1” on Vserver vs1.

cluster1::> vserver security file-directory policy create -policy-name policy1 -vserver vs1
            cluster1::> vserver security file-directory policy show
Vserver          Policy Name
               ------------     --------------
               vs1              policy1