Skip to main content
A newer release of this product is available.

Create an FPolicy configuration

Contributors

POST /protocols/fpolicy

Introduced In: 9.6

Creates an FPolicy configuration.

Required properties

  • svm.uuid or svm.name - Existing SVM in which to create the FPolicy configuration.

  • engines - External server to which the notifications will be sent.

  • events - File operations to monitor.

  • policies - Policy configuration which acts as a container for FPolicy event and FPolicy engine.

  • scope - Scope of the policy. Can be limited to exports, volumes, shares or file extensions.

Default property values

If not specified in POST, the following default property values are assigned:

  • engines.type - synchronous

  • policies.engine - native

  • policies.mandatory - true

  • events.volume_monitoring - false

  • events.file_operations.* - false

  • events.filters.* - false

  • fpolicy policy event create

  • fpolicy policy external-engine create

  • fpolicy policy create

  • fpolicy policy scope create

  • fpolicy enable

Parameters

Name Type In Required Description

return_records

boolean

query

False

The default is false. If set to true, the records are returned.

  • Default value:

Request Body

Name Type Description

_links

_links

engines

array[fpolicy_engines]

events

array[fpolicy_events]

policies

array[fpolicy_policies]

svm

svm

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "engines": [
    {
      "name": "fp_ex_eng",
      "port": 9876,
      "primary_servers": [
        "10.132.145.20",
        "10.140.101.109"
      ],
      "secondary_servers": [
        "10.132.145.20",
        "10.132.145.21"
      ],
      "type": "string"
    }
  ],
  "events": [
    {
      "name": "event_nfs_close",
      "protocol": "string"
    }
  ],
  "policies": [
    {
      "engine": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "string"
      },
      "events": [
        "event_nfs_close",
        "event_open"
      ],
      "name": "fp_policy_1",
      "scope": {
        "exclude_export_policies": [
          "string"
        ],
        "exclude_extension": [
          "string"
        ],
        "exclude_shares": [
          "string"
        ],
        "exclude_volumes": [
          "vol1",
          "vol_svm1",
          "*"
        ],
        "include_export_policies": [
          "string"
        ],
        "include_extension": [
          "string"
        ],
        "include_shares": [
          "sh1",
          "share_cifs"
        ],
        "include_volumes": [
          "vol1",
          "vol_svm1"
        ]
      }
    }
  ],
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 201, Created
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[fpolicy]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "engines": [
        {
          "name": "fp_ex_eng",
          "port": 9876,
          "primary_servers": [
            "10.132.145.20",
            "10.140.101.109"
          ],
          "secondary_servers": [
            "10.132.145.20",
            "10.132.145.21"
          ],
          "type": "string"
        }
      ],
      "events": [
        {
          "name": "event_nfs_close",
          "protocol": "string"
        }
      ],
      "policies": [
        {
          "engine": {
            "_links": {
              "self": {
                "href": "/api/resourcelink"
              }
            },
            "name": "string"
          },
          "events": [
            "event_nfs_close",
            "event_open"
          ],
          "name": "fp_policy_1",
          "scope": {
            "exclude_export_policies": [
              "string"
            ],
            "exclude_extension": [
              "string"
            ],
            "exclude_shares": [
              "string"
            ],
            "exclude_volumes": [
              "vol1",
              "vol_svm1",
              "*"
            ],
            "include_export_policies": [
              "string"
            ],
            "include_extension": [
              "string"
            ],
            "include_shares": [
              "sh1",
              "share_cifs"
            ],
            "include_volumes": [
              "vol1",
              "vol_svm1"
            ]
          }
        }
      ],
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      }
    }
  ]
}

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

9765032

The FPolicy engine, FPolicy event or FPolicy policy specified already exists

9765031

If any of the FPolicy engine, FPolicy event, or FPolicy policy creation fails due to a systematic error or hardware failure, the cause of the failure is detailed in the error message

2621706

The SVM UUID specified belongs to different SVM

2621462

The SVM name specified does not exist

Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

self

href

fpolicy_engines

The engine defines how ONTAP makes and manages connections to external FPolicy servers.

Name Type Description

name

string

Specifies the name to assign to the external server configuration.

port

integer

Port number of the FPolicy server application.

primary_servers

array[string]

secondary_servers

array[string]

type

string

The notification mode determines what ONTAP does after sending notifications to FPolicy servers. The possible values are:

  • synchronous - After sending a notification, wait for a response from the FPolicy server.

  • asynchronous - After sending a notification, file request processing continues.

    • Default value: 1

    • enum: ["synchronous", "asynchronous"]

    • Introduced in: 9.10

file_operations

Specifies the file operations for the FPolicy event. You must specify a valid protocol in the protocol parameter. The event will check the operations specified from all client requests using the protocol.

Name Type Description

close

boolean

File close operations

create

boolean

File create operations

create_dir

boolean

Directory create operations

delete

boolean

File delete operations

delete_dir

boolean

Directory delete operations

getattr

boolean

Get attribute operations

link

boolean

Link operations

lookup

boolean

Lookup operations

open

boolean

File open operations

read

boolean

File read operations

rename

boolean

File rename operations

rename_dir

boolean

Directory rename operations

setattr

boolean

Set attribute operations

symlink

boolean

Symbolic link operations

write

boolean

File write operations

filters

Specifies the list of filters for a given file operation for the specified protocol. When you specify the filters, you must specify the valid protocols and a valid file operations.

Name Type Description

close_with_modification

boolean

Filter the client request for close with modification.

close_with_read

boolean

Filter the client request for close with read.

close_without_modification

boolean

Filter the client request for close without modification.

exclude_directory

boolean

Filter the client requests for directory operations. When this filter is specified directory operations are not monitored.

first_read

boolean

Filter the client requests for the first-read.

first_write

boolean

Filter the client requests for the first-write.

monitor_ads

boolean

Filter the client request for alternate data stream.

offline_bit

boolean

Filter the client request for offline bit set. FPolicy server receives notification only when offline files are accessed.

open_with_delete_intent

boolean

Filter the client request for open with delete intent.

open_with_write_intent

boolean

Filter the client request for open with write intent.

setattr_with_access_time_change

boolean

Filter the client setattr requests for changing the access time of a file or directory.

setattr_with_allocation_size_change

boolean

Filter the client setattr requests for changing the allocation size of a file.

setattr_with_creation_time_change

boolean

Filter the client setattr requests for changing the creation time of a file or directory.

setattr_with_dacl_change

boolean

Filter the client setattr requests for changing dacl on a file or directory.

setattr_with_group_change

boolean

Filter the client setattr requests for changing group of a file or directory.

setattr_with_mode_change

boolean

Filter the client setattr requests for changing the mode bits on a file or directory.

setattr_with_modify_time_change

boolean

Filter the client setattr requests for changing the modification time of a file or directory.

setattr_with_owner_change

boolean

Filter the client setattr requests for changing owner of a file or directory.

setattr_with_sacl_change

boolean

Filter the client setattr requests for changing sacl on a file or directory.

setattr_with_size_change

boolean

Filter the client setattr requests for changing the size of a file.

write_with_size_change

boolean

Filter the client request for write with size change.

fpolicy_events

The information that a FPolicy process needs to determine what file access operations to monitor and for which of the monitored events notifications should be sent to the external FPolicy server.

Name Type Description

file_operations

file_operations

Specifies the file operations for the FPolicy event. You must specify a valid protocol in the protocol parameter. The event will check the operations specified from all client requests using the protocol.

filters

filters

Specifies the list of filters for a given file operation for the specified protocol. When you specify the filters, you must specify the valid protocols and a valid file operations.

name

string

Specifies the name of the FPolicy event.

protocol

string

Protocol for which event is created. If you specify protocol, then you must also specify a valid value for the file operation parameters. The value of this parameter must be one of the following:

  • cifs - for the CIFS protocol.

  • nfsv3 - for the NFSv3 protocol.

  • nfsv4 - for the NFSv4 protocol.

volume_monitoring

boolean

Specifies whether volume operation monitoring is required.

fpolicy_engine_reference

FPolicy external engine

Name Type Description

_links

_links

name

string

The name of the FPolicy external engine.

fpolicy_event_reference

FPolicy events

Name Type Description

_links

_links

name

string

scope

Name Type Description

exclude_export_policies

array[string]

exclude_extension

array[string]

exclude_shares

array[string]

exclude_volumes

array[string]

include_export_policies

array[string]

include_extension

array[string]

include_shares

array[string]

include_volumes

array[string]

fpolicy_policies

Name Type Description

enabled

boolean

Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled.

engine

fpolicy_engine_reference

FPolicy external engine

events

array[fpolicy_event_reference]

mandatory

boolean

Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances.

name

string

Specifies the name of the policy.

priority

integer

Specifies the priority that is assigned to this policy.

scope

scope

svm

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

fpolicy

FPolicy is an infrastructure component of ONTAP that enables partner applications connected to your storage systems to monitor and set file access permissions. Every time a client accesses a file from a storage system, based on the configuration of FPolicy, the partner application is notified about file access.

Name Type Description

_links

_links

engines

array[fpolicy_engines]

events

array[fpolicy_events]

policies

array[fpolicy_policies]

svm

svm

Name Type Description

next

href

self

href

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.