vserver fpolicy policy create
Create a policy
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver fpolicy policy create command creates an FPolicy policy. You must create an FPolicy event name before creating an FPolicy policy. If you are using an external FPolicy server, you must also create an FPolicy engine before creating a policy.
Parameters
-vserver <Vserver Name>
- Vserver-
This parameter specifies the name of the Vserver on which you want to create an FPolicy policy.
-policy-name <Policy name>
- Policy-
This parameter specifies the name of the FPolicy policy that you want to create. An FPolicy policy name can be up to 256 characters long and is a string that can only contain any combination of ASCII-range alphanumeric characters (a-z, A-Z, 0-9), "_" and ".".
-events <Event name>,…
- Events to Monitor-
This parameter specifies a list of events to monitor for the FPolicy policy. All the events in the event list should be created by the administrator of the specified Vserver or the cluster administrator. The events must already exist. Create events using the fpolicy policy event create command.
-engine <Engine name>
- FPolicy Engine-
This parameter specifies an external engine for this FPolicy policy. An external engine contains information required by the node to send notifications to an FPolicy server. The Vserver administrator of the specified Vserver or the cluster administrator creates the external engine prior to creating the FPolicy policy. If this parameter is not specified, the default native external engine is used. The native external engine is internal to ONTAP and is used if you want to configure native file blocking and you do not want to use an external FPolicy server.
[-is-mandatory {true|false}]
- Is Mandatory Screening Required-
This parameter specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances. To allow file access events under these circumstances, set this parameter to false. By default, it is true.
[-allow-privileged-access {yes|no}]
- Allow Privileged Access-
This parameter specifies privileged access for FPolicy servers. It is used to specify whether privileged access is required for FPolicy servers. Privileged access is used when the FPolicy server requires direct access to the cluster nodes. With this option set to yes, FPolicy servers can access files on the cluster using a separate data channel with privileged access. By default, it is no.
[-privileged-user-name <text>]
- User Name for Privileged Access-
This parameter specifies the privileged user name. It is used to specify the privileged user name for accessing files on the cluster using a separate data channel with privileged access. The input for this field should be in "domain\user name" format. If -allow-privileged-access is set to no, any value set for this field is ignored.
[-is-passthrough-read-enabled {true|false}]
- Is Passthrough Read Enabled-
This parameter specifies whether passthrough-read should be allowed for FPolicy servers registered for the policy. Passthrough-read is a way to read data for offline files without restoring the files to primary storage. Offline files are the files which have been moved to secondary storage. If passthrough-read is enabled, the FPolicy server provides the data for the file over a separate channel instead of restoring the file to primary storage. By default, this parameter is false.
[-persistent-store <text>]
- Persistent Store Name-
This parameter specifies the persistent store name. The persistent store can then be used to enable persistent mode for FPolicy events.
Examples
The following example creates an FPolicy policy.
cluster1::> vserver fpolicy policy create -vserver vs1.example.com -policy-name vs1_pol -events cserver_evt,v1e1 -engine native -is-mandatory true -allow-privileged-access no -is-passthrough-read-enabled false

cluster1::> vserver fpolicy policy show -vserver vs1.example.com -policy-name vs1_pol
    Vserver: vs1.example.com
    Policy Name: vs1_pol
    Events to Monitor: cserver_evt, v1e1
    FPolicy Engine: native
    Is Mandatory Screening Required: true
    Allow Privileged Access: no
    User Name for Privileged Access: -
    Is Passthrough Read Enabled: false
    persistent-store: -
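The following Python script is an added example, not part of the ONTAP documentation. It parses the field/value output of vserver fpolicy policy show, as printed above, and flags the settings that the parameter descriptions tie to access control: -is-mandatory false (file access is allowed when no FPolicy server responds) and privileged access. The second sample record, its names, and the review rules are assumptions of this example.

```python
# Added example: audits "vserver fpolicy policy show" field output.
# SAMPLE is constructed: record 1 is the page's example, record 2 is made up
# (ext_pol, ext_engine and EXAMPLE\fpolicy_svc are placeholders).
SAMPLE = r"""
cluster1::> vserver fpolicy policy show -vserver vs1.example.com -policy-name vs1_pol
Vserver: vs1.example.com
Policy Name: vs1_pol
Events to Monitor: cserver_evt, v1e1
FPolicy Engine: native
Is Mandatory Screening Required: true
Allow Privileged Access: no
User Name for Privileged Access: -
Is Passthrough Read Enabled: false
persistent-store: -
Vserver: vs1.example.com
Policy Name: ext_pol
FPolicy Engine: ext_engine
Is Mandatory Screening Required: false
Allow Privileged Access: yes
User Name for Privileged Access: EXAMPLE\fpolicy_svc
Is Passthrough Read Enabled: false
"""

def parse_policy_show(text):
    """Return one dict per policy; a 'Vserver:' line starts a new record."""
    policies = []
    for line in (raw.strip() for raw in text.splitlines()):
        if "::>" in line or ":" not in line:
            continue  # skip CLI prompt lines and blanks
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Vserver":
            policies.append({})
        if policies:
            policies[-1][key] = None if value == "-" else value  # "-" means unset
    return policies

def audit_policy(p):
    """Review rules are this example's assumptions, based on the parameter text."""
    name, findings = p.get("Policy Name"), []
    user = p.get("User Name for Privileged Access")
    if p.get("Is Mandatory Screening Required") == "false":
        findings.append(f"{name}: fail-open, access is allowed when no FPolicy server responds")
    if p.get("Allow Privileged Access") == "yes":
        findings.append(f"{name}: privileged data channel enabled for {user or 'unset user'}")
    elif user:
        findings.append(f"{name}: privileged user {user} is set but ignored")
    return findings

for policy in parse_policy_show(SAMPLE):
    print(policy["Policy Name"], audit_policy(policy) or "no findings")
```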