Retrieve an FPolicy configuration
GET /protocols/fpolicy
Introduced In: 9.6
Retrieves an FPolicy configuration.
Related ONTAP commands
-
fpolicy show
-
fpolicy policy show
-
fpolicy policy scope show
-
fpolicy policy event show
-
fpolicy policy external-engine show
Learn more
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
engines.secondary_servers |
string |
query |
False |
Filter by engines.secondary_servers |
engines.name |
string |
query |
False |
Filter by engines.name |
engines.port |
integer |
query |
False |
Filter by engines.port |
engines.primary_servers |
string |
query |
False |
Filter by engines.primary_servers |
engines.type |
string |
query |
False |
Filter by engines.type |
policies.events.name |
string |
query |
False |
Filter by policies.events.name |
policies.name |
string |
query |
False |
Filter by policies.name |
policies.engine.name |
string |
query |
False |
Filter by policies.engine.name |
policies.scope.include_shares |
string |
query |
False |
Filter by policies.scope.include_shares |
policies.scope.exclude_extension |
string |
query |
False |
Filter by policies.scope.exclude_extension |
policies.scope.exclude_shares |
string |
query |
False |
Filter by policies.scope.exclude_shares |
policies.scope.exclude_volumes |
string |
query |
False |
Filter by policies.scope.exclude_volumes |
policies.scope.exclude_export_policies |
string |
query |
False |
Filter by policies.scope.exclude_export_policies |
policies.scope.include_extension |
string |
query |
False |
Filter by policies.scope.include_extension |
policies.scope.include_volumes |
string |
query |
False |
Filter by policies.scope.include_volumes |
policies.scope.include_export_policies |
string |
query |
False |
Filter by policies.scope.include_export_policies |
policies.mandatory |
boolean |
query |
False |
Filter by policies.mandatory |
policies.enabled |
boolean |
query |
False |
Filter by policies.enabled |
policies.priority |
integer |
query |
False |
Filter by policies.priority |
svm.uuid |
string |
query |
False |
Filter by svm.uuid |
svm.name |
string |
query |
False |
Filter by svm.name |
events.volume_monitoring |
boolean |
query |
False |
Filter by events.volume_monitoring |
events.protocol |
string |
query |
False |
Filter by events.protocol |
events.name |
string |
query |
False |
Filter by events.name |
events.filters.setattr_with_group_change |
boolean |
query |
False |
Filter by events.filters.setattr_with_group_change |
events.filters.setattr_with_size_change |
boolean |
query |
False |
Filter by events.filters.setattr_with_size_change |
events.filters.first_read |
boolean |
query |
False |
Filter by events.filters.first_read |
events.filters.close_with_read |
boolean |
query |
False |
Filter by events.filters.close_with_read |
events.filters.setattr_with_owner_change |
boolean |
query |
False |
Filter by events.filters.setattr_with_owner_change |
events.filters.open_with_write_intent |
boolean |
query |
False |
Filter by events.filters.open_with_write_intent |
events.filters.setattr_with_modify_time_change |
boolean |
query |
False |
Filter by events.filters.setattr_with_modify_time_change |
events.filters.setattr_with_allocation_size_change |
boolean |
query |
False |
Filter by events.filters.setattr_with_allocation_size_change |
events.filters.write_with_size_change |
boolean |
query |
False |
Filter by events.filters.write_with_size_change |
events.filters.close_without_modification |
boolean |
query |
False |
Filter by events.filters.close_without_modification |
events.filters.setattr_with_mode_change |
boolean |
query |
False |
Filter by events.filters.setattr_with_mode_change |
events.filters.close_with_modification |
boolean |
query |
False |
Filter by events.filters.close_with_modification |
events.filters.exclude_directory |
boolean |
query |
False |
Filter by events.filters.exclude_directory |
events.filters.offline_bit |
boolean |
query |
False |
Filter by events.filters.offline_bit |
events.filters.setattr_with_dacl_change |
boolean |
query |
False |
Filter by events.filters.setattr_with_dacl_change |
events.filters.setattr_with_access_time_change |
boolean |
query |
False |
Filter by events.filters.setattr_with_access_time_change |
events.filters.setattr_with_sacl_change |
boolean |
query |
False |
Filter by events.filters.setattr_with_sacl_change |
events.filters.open_with_delete_intent |
boolean |
query |
False |
Filter by events.filters.open_with_delete_intent |
events.filters.monitor_ads |
boolean |
query |
False |
Filter by events.filters.monitor_ads |
events.filters.first_write |
boolean |
query |
False |
Filter by events.filters.first_write |
events.filters.setattr_with_creation_time_change |
boolean |
query |
False |
Filter by events.filters.setattr_with_creation_time_change |
events.file_operations.link |
boolean |
query |
False |
Filter by events.file_operations.link |
events.file_operations.write |
boolean |
query |
False |
Filter by events.file_operations.write |
events.file_operations.rename |
boolean |
query |
False |
Filter by events.file_operations.rename |
events.file_operations.delete_dir |
boolean |
query |
False |
Filter by events.file_operations.delete_dir |
events.file_operations.delete |
boolean |
query |
False |
Filter by events.file_operations.delete |
events.file_operations.setattr |
boolean |
query |
False |
Filter by events.file_operations.setattr |
events.file_operations.close |
boolean |
query |
False |
Filter by events.file_operations.close |
events.file_operations.open |
boolean |
query |
False |
Filter by events.file_operations.open |
events.file_operations.create_dir |
boolean |
query |
False |
Filter by events.file_operations.create_dir |
events.file_operations.rename_dir |
boolean |
query |
False |
Filter by events.file_operations.rename_dir |
events.file_operations.create |
boolean |
query |
False |
Filter by events.file_operations.create |
events.file_operations.read |
boolean |
query |
False |
Filter by events.file_operations.read |
events.file_operations.getattr |
boolean |
query |
False |
Filter by events.file_operations.getattr |
events.file_operations.lookup |
boolean |
query |
False |
Filter by events.file_operations.lookup |
events.file_operations.symlink |
boolean |
query |
False |
Filter by events.file_operations.symlink |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links |
||
num_records |
integer |
Number of records |
records |
array[fpolicy] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"engines": [
{
"name": "fp_ex_eng",
"port": 9876,
"primary_servers": [
"10.132.145.20",
"10.140.101.109"
],
"secondary_servers": [
"10.132.145.20",
"10.132.145.21"
],
"type": "string"
}
],
"events": [
{
"name": "event_nfs_close",
"protocol": "string"
}
],
"policies": [
{
"engine": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "string"
},
"events": [
"event_nfs_close",
"event_open"
],
"name": "fp_policy_1",
"scope": {
"exclude_export_policies": [
"string"
],
"exclude_extension": [
"string"
],
"exclude_shares": [
"string"
],
"exclude_volumes": [
"vol1",
"vol_svm1",
"*"
],
"include_export_policies": [
"string"
],
"include_extension": [
"string"
],
"include_shares": [
"sh1",
"share_cifs"
],
"include_volumes": [
"vol1",
"vol_svm1"
]
}
}
],
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
]
}
Error
Status: Default, Error
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
next |
||
self |
_links
Name | Type | Description |
---|---|---|
self |
fpolicy_engines
The engine defines how ONTAP makes and manages connections to external FPolicy servers.
Name | Type | Description |
---|---|---|
name |
string |
Specifies the name to assign to the external server configuration. |
port |
integer |
Port number of the FPolicy server application. |
primary_servers |
array[string] |
|
secondary_servers |
array[string] |
|
type |
string |
The notification mode determines what ONTAP does after sending notifications to FPolicy servers. The possible values are:
|
file_operations
Specifies the file operations for the FPolicy event. You must specify a valid protocol in the protocol parameter. The event will check the operations specified from all client requests using the protocol.
Name | Type | Description |
---|---|---|
close |
boolean |
File close operations |
create |
boolean |
File create operations |
create_dir |
boolean |
Directory create operations |
delete |
boolean |
File delete operations |
delete_dir |
boolean |
Directory delete operations |
getattr |
boolean |
Get attribute operations |
link |
boolean |
Link operations |
lookup |
boolean |
Lookup operations |
open |
boolean |
File open operations |
read |
boolean |
File read operations |
rename |
boolean |
File rename operations |
rename_dir |
boolean |
Directory rename operations |
setattr |
boolean |
Set attribute operations |
symlink |
boolean |
Symbolic link operations |
write |
boolean |
File write operations |
filters
Specifies the list of filters for a given file operation for the specified protocol. When you specify the filters, you must specify the valid protocols and a valid file operations.
Name | Type | Description |
---|---|---|
close_with_modification |
boolean |
Filter the client request for close with modification. |
close_with_read |
boolean |
Filter the client request for close with read. |
close_without_modification |
boolean |
Filter the client request for close without modification. |
exclude_directory |
boolean |
Filter the client requests for directory operations. When this filter is specified directory operations are not monitored. |
first_read |
boolean |
Filter the client requests for the first-read. |
first_write |
boolean |
Filter the client requests for the first-write. |
monitor_ads |
boolean |
Filter the client request for alternate data stream. |
offline_bit |
boolean |
Filter the client request for offline bit set. FPolicy server receives notification only when offline files are accessed. |
open_with_delete_intent |
boolean |
Filter the client request for open with delete intent. |
open_with_write_intent |
boolean |
Filter the client request for open with write intent. |
setattr_with_access_time_change |
boolean |
Filter the client setattr requests for changing the access time of a file or directory. |
setattr_with_allocation_size_change |
boolean |
Filter the client setattr requests for changing the allocation size of a file. |
setattr_with_creation_time_change |
boolean |
Filter the client setattr requests for changing the creation time of a file or directory. |
setattr_with_dacl_change |
boolean |
Filter the client setattr requests for changing dacl on a file or directory. |
setattr_with_group_change |
boolean |
Filter the client setattr requests for changing group of a file or directory. |
setattr_with_mode_change |
boolean |
Filter the client setattr requests for changing the mode bits on a file or directory. |
setattr_with_modify_time_change |
boolean |
Filter the client setattr requests for changing the modification time of a file or directory. |
setattr_with_owner_change |
boolean |
Filter the client setattr requests for changing owner of a file or directory. |
setattr_with_sacl_change |
boolean |
Filter the client setattr requests for changing sacl on a file or directory. |
setattr_with_size_change |
boolean |
Filter the client setattr requests for changing the size of a file. |
write_with_size_change |
boolean |
Filter the client request for write with size change. |
fpolicy_events
The information that a FPolicy process needs to determine what file access operations to monitor and for which of the monitored events notifications should be sent to the external FPolicy server.
Name | Type | Description |
---|---|---|
file_operations |
Specifies the file operations for the FPolicy event. You must specify a valid protocol in the protocol parameter. The event will check the operations specified from all client requests using the protocol. |
|
filters |
Specifies the list of filters for a given file operation for the specified protocol. When you specify the filters, you must specify the valid protocols and a valid file operations. |
|
name |
string |
Specifies the name of the FPolicy event. |
protocol |
string |
Protocol for which event is created. If you specify protocol, then you must also specify a valid value for the file operation parameters. The value of this parameter must be one of the following:
|
volume_monitoring |
boolean |
Specifies whether volume operation monitoring is required. |
fpolicy_engine_reference
FPolicy external engine
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the FPolicy external engine. |
fpolicy_event_reference
FPolicy events
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
scope
Name | Type | Description |
---|---|---|
exclude_export_policies |
array[string] |
|
exclude_extension |
array[string] |
|
exclude_shares |
array[string] |
|
exclude_volumes |
array[string] |
|
include_export_policies |
array[string] |
|
include_extension |
array[string] |
|
include_shares |
array[string] |
|
include_volumes |
array[string] |
fpolicy_policies
Name | Type | Description |
---|---|---|
enabled |
boolean |
Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled. |
engine |
FPolicy external engine |
|
events |
array[fpolicy_event_reference] |
|
mandatory |
boolean |
Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances. |
name |
string |
Specifies the name of the policy. |
priority |
integer |
Specifies the priority that is assigned to this policy. |
scope |
svm
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
fpolicy
FPolicy is an infrastructure component of ONTAP that enables partner applications connected to your storage systems to monitor and set file access permissions. Every time a client accesses a file from a storage system, based on the configuration of FPolicy, the partner application is notified about file access.
Name | Type | Description |
---|---|---|
_links |
||
engines |
array[fpolicy_engines] |
|
events |
array[fpolicy_events] |
|
policies |
array[fpolicy_policies] |
|
svm |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |