REST API reference
Create an FPolicy configuration
Suggest changes
PDFs
POST /protocols/fpolicy
Introduced In: 9.6
Creates an FPolicy configuration.
Required properties
-
svm.uuidorsvm.name- Existing SVM in which to create the FPolicy configuration.
Recommended optional properties
-
engines- External server to which the notifications will be sent. -
events- File operations to monitor. -
policies- Policy configuration which acts as a container for FPolicy event and FPolicy engine. -
scope- Scope of the policy. Can be limited to exports, volumes, shares or file extensions.
Default property values
If not specified in POST, the following default property values are assigned:
-
engines.type- synchronous -
policies.engine- native -
policies.mandatory- true -
events.volume_monitoring- false -
events.file_operations.*- false -
events.filters.*- false
Related ONTAP commands
-
fpolicy policy event create -
fpolicy policy external-engine create -
fpolicy policy create -
fpolicy policy scope create -
fpolicy enable
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
engines |
array[fpolicy_engines] |
|
events |
array[fpolicy_events] |
|
policies |
array[fpolicy_policies] |
|
svm |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"engines": [
{
"name": "fp_ex_eng",
"port": 9876,
"primary_servers": [
"10.132.145.20",
"10.140.101.109"
],
"secondary_servers": [
"10.132.145.20",
"10.132.145.21"
],
"type": "string"
}
],
"events": [
{
"name": "event_nfs_close",
"protocol": "string"
}
],
"policies": [
{
"engine": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "string"
},
"events": [
"event_nfs_close",
"event_open"
],
"name": "fp_policy_1",
"scope": {
"exclude_export_policies": [
"string"
],
"exclude_extension": [
"string"
],
"exclude_shares": [
"string"
],
"exclude_volumes": [
"vol1",
"vol_svm1",
"*"
],
"include_export_policies": [
"string"
],
"include_extension": [
"string"
],
"include_shares": [
"sh1",
"share_cifs"
],
"include_volumes": [
"vol1",
"vol_svm1"
]
}
}
],
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}Response
Status: 201, Created| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[fpolicy] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"engines": [
{
"name": "fp_ex_eng",
"port": 9876,
"primary_servers": [
"10.132.145.20",
"10.140.101.109"
],
"secondary_servers": [
"10.132.145.20",
"10.132.145.21"
],
"type": "string"
}
],
"events": [
{
"name": "event_nfs_close",
"protocol": "string"
}
],
"policies": [
{
"engine": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "string"
},
"events": [
"event_nfs_close",
"event_open"
],
"name": "fp_policy_1",
"scope": {
"exclude_export_policies": [
"string"
],
"exclude_extension": [
"string"
],
"exclude_shares": [
"string"
],
"exclude_volumes": [
"vol1",
"vol_svm1",
"*"
],
"include_export_policies": [
"string"
],
"include_extension": [
"string"
],
"include_shares": [
"sh1",
"share_cifs"
],
"include_volumes": [
"vol1",
"vol_svm1"
]
}
}
],
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
]
}Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
9765032 |
The FPolicy engine, FPolicy event or FPolicy policy specified already exists |
9765031 |
If any of the FPolicy engine, FPolicy event, or FPolicy policy creation fails due to a systematic error or hardware failure, the cause of the failure is detailed in the error message |
2621706 |
The SVM UUID specified belongs to different SVM |
2621462 |
The SVM name specified does not exist |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
fpolicy_engines
The engine defines how ONTAP makes and manages connections to external FPolicy servers.
| Name | Type | Description |
|---|---|---|
name |
string |
Specifies the name to assign to the external server configuration. |
port |
integer |
Port number of the FPolicy server application. |
primary_servers |
array[string] |
|
secondary_servers |
array[string] |
|
type |
string |
The notification mode determines what ONTAP does after sending notifications to FPolicy servers. The possible values are:
|
file_operations
Specifies the file operations for the FPolicy event. You must specify a valid protocol in the protocol parameter. The event will check the operations specified from all client requests using the protocol.
| Name | Type | Description |
|---|---|---|
close |
boolean |
File close operations |
create |
boolean |
File create operations |
create_dir |
boolean |
Directory create operations |
delete |
boolean |
File delete operations |
delete_dir |
boolean |
Directory delete operations |
getattr |
boolean |
Get attribute operations |
link |
boolean |
Link operations |
lookup |
boolean |
Lookup operations |
open |
boolean |
File open operations |
read |
boolean |
File read operations |
rename |
boolean |
File rename operations |
rename_dir |
boolean |
Directory rename operations |
setattr |
boolean |
Set attribute operations |
symlink |
boolean |
Symbolic link operations |
write |
boolean |
File write operations |
filters
Specifies the list of filters for a given file operation for the specified protocol. When you specify the filters, you must specify the valid protocols and a valid file operations.
| Name | Type | Description |
|---|---|---|
close_with_modification |
boolean |
Filter the client request for close with modification. |
close_with_read |
boolean |
Filter the client request for close with read. |
close_without_modification |
boolean |
Filter the client request for close without modification. |
exclude_directory |
boolean |
Filter the client requests for directory operations. When this filter is specified directory operations are not monitored. |
first_read |
boolean |
Filter the client requests for the first-read. |
first_write |
boolean |
Filter the client requests for the first-write. |
monitor_ads |
boolean |
Filter the client request for alternate data stream. |
offline_bit |
boolean |
Filter the client request for offline bit set. FPolicy server receives notification only when offline files are accessed. |
open_with_delete_intent |
boolean |
Filter the client request for open with delete intent. |
open_with_write_intent |
boolean |
Filter the client request for open with write intent. |
setattr_with_access_time_change |
boolean |
Filter the client setattr requests for changing the access time of a file or directory. |
setattr_with_allocation_size_change |
boolean |
Filter the client setattr requests for changing the allocation size of a file. |
setattr_with_creation_time_change |
boolean |
Filter the client setattr requests for changing the creation time of a file or directory. |
setattr_with_dacl_change |
boolean |
Filter the client setattr requests for changing dacl on a file or directory. |
setattr_with_group_change |
boolean |
Filter the client setattr requests for changing group of a file or directory. |
setattr_with_mode_change |
boolean |
Filter the client setattr requests for changing the mode bits on a file or directory. |
setattr_with_modify_time_change |
boolean |
Filter the client setattr requests for changing the modification time of a file or directory. |
setattr_with_owner_change |
boolean |
Filter the client setattr requests for changing owner of a file or directory. |
setattr_with_sacl_change |
boolean |
Filter the client setattr requests for changing sacl on a file or directory. |
setattr_with_size_change |
boolean |
Filter the client setattr requests for changing the size of a file. |
write_with_size_change |
boolean |
Filter the client request for write with size change. |
fpolicy_events
The information that a FPolicy process needs to determine what file access operations to monitor and for which of the monitored events notifications should be sent to the external FPolicy server.
| Name | Type | Description |
|---|---|---|
file_operations |
Specifies the file operations for the FPolicy event. You must specify a valid protocol in the protocol parameter. The event will check the operations specified from all client requests using the protocol. |
|
filters |
Specifies the list of filters for a given file operation for the specified protocol. When you specify the filters, you must specify the valid protocols and a valid file operations. |
|
name |
string |
Specifies the name of the FPolicy event. |
protocol |
string |
Protocol for which event is created. If you specify protocol, then you must also specify a valid value for the file operation parameters. The value of this parameter must be one of the following:
|
volume_monitoring |
boolean |
Specifies whether volume operation monitoring is required. |
fpolicy_engine_reference
FPolicy external engine
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the FPolicy external engine. |
fpolicy_event_reference
FPolicy events
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
scope
| Name | Type | Description |
|---|---|---|
exclude_export_policies |
array[string] |
|
exclude_extension |
array[string] |
|
exclude_shares |
array[string] |
|
exclude_volumes |
array[string] |
|
include_export_policies |
array[string] |
|
include_extension |
array[string] |
|
include_shares |
array[string] |
|
include_volumes |
array[string] |
fpolicy_policies
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled. |
engine |
FPolicy external engine |
|
events |
array[fpolicy_event_reference] |
|
mandatory |
boolean |
Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances. |
name |
string |
Specifies the name of the policy. |
priority |
integer |
Specifies the priority that is assigned to this policy. |
scope |
svm
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
fpolicy
FPolicy is an infrastructure component of ONTAP that enables partner applications connected to your storage systems to monitor and set file access permissions. Every time a client accesses a file from a storage system, based on the configuration of FPolicy, the partner application is notified about file access.
| Name | Type | Description |
|---|---|---|
_links |
||
engines |
array[fpolicy_engines] |
|
events |
array[fpolicy_events] |
|
policies |
array[fpolicy_policies] |
|
svm |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |