Skip to main content
A newer release of this product is available.

Retrieve an FPolicy configuration

Contributors

GET /protocols/fpolicy

Introduced In: 9.6

Retrieves an FPolicy configuration.

  • fpolicy show

  • fpolicy policy show

  • fpolicy policy scope show

  • fpolicy policy event show

  • fpolicy policy external-engine show

Parameters

Name Type In Required Description

engines.secondary_servers

string

query

False

Filter by engines.secondary_servers

engines.name

string

query

False

Filter by engines.name

engines.port

integer

query

False

Filter by engines.port

engines.primary_servers

string

query

False

Filter by engines.primary_servers

engines.type

string

query

False

Filter by engines.type

policies.events.name

string

query

False

Filter by policies.events.name

policies.name

string

query

False

Filter by policies.name

policies.engine.name

string

query

False

Filter by policies.engine.name

policies.scope.include_shares

string

query

False

Filter by policies.scope.include_shares

policies.scope.exclude_extension

string

query

False

Filter by policies.scope.exclude_extension

policies.scope.exclude_shares

string

query

False

Filter by policies.scope.exclude_shares

policies.scope.exclude_volumes

string

query

False

Filter by policies.scope.exclude_volumes

policies.scope.exclude_export_policies

string

query

False

Filter by policies.scope.exclude_export_policies

policies.scope.include_extension

string

query

False

Filter by policies.scope.include_extension

policies.scope.include_volumes

string

query

False

Filter by policies.scope.include_volumes

policies.scope.include_export_policies

string

query

False

Filter by policies.scope.include_export_policies

policies.mandatory

boolean

query

False

Filter by policies.mandatory

policies.enabled

boolean

query

False

Filter by policies.enabled

policies.priority

integer

query

False

Filter by policies.priority

svm.uuid

string

query

False

Filter by svm.uuid

svm.name

string

query

False

Filter by svm.name

events.volume_monitoring

boolean

query

False

Filter by events.volume_monitoring

events.protocol

string

query

False

Filter by events.protocol

events.name

string

query

False

Filter by events.name

events.filters.setattr_with_group_change

boolean

query

False

Filter by events.filters.setattr_with_group_change

events.filters.setattr_with_size_change

boolean

query

False

Filter by events.filters.setattr_with_size_change

events.filters.first_read

boolean

query

False

Filter by events.filters.first_read

events.filters.close_with_read

boolean

query

False

Filter by events.filters.close_with_read

events.filters.setattr_with_owner_change

boolean

query

False

Filter by events.filters.setattr_with_owner_change

events.filters.open_with_write_intent

boolean

query

False

Filter by events.filters.open_with_write_intent

events.filters.setattr_with_modify_time_change

boolean

query

False

Filter by events.filters.setattr_with_modify_time_change

events.filters.setattr_with_allocation_size_change

boolean

query

False

Filter by events.filters.setattr_with_allocation_size_change

events.filters.write_with_size_change

boolean

query

False

Filter by events.filters.write_with_size_change

events.filters.close_without_modification

boolean

query

False

Filter by events.filters.close_without_modification

events.filters.setattr_with_mode_change

boolean

query

False

Filter by events.filters.setattr_with_mode_change

events.filters.close_with_modification

boolean

query

False

Filter by events.filters.close_with_modification

events.filters.exclude_directory

boolean

query

False

Filter by events.filters.exclude_directory

events.filters.offline_bit

boolean

query

False

Filter by events.filters.offline_bit

events.filters.setattr_with_dacl_change

boolean

query

False

Filter by events.filters.setattr_with_dacl_change

events.filters.setattr_with_access_time_change

boolean

query

False

Filter by events.filters.setattr_with_access_time_change

events.filters.setattr_with_sacl_change

boolean

query

False

Filter by events.filters.setattr_with_sacl_change

events.filters.open_with_delete_intent

boolean

query

False

Filter by events.filters.open_with_delete_intent

events.filters.monitor_ads

boolean

query

False

Filter by events.filters.monitor_ads

events.filters.first_write

boolean

query

False

Filter by events.filters.first_write

events.filters.setattr_with_creation_time_change

boolean

query

False

Filter by events.filters.setattr_with_creation_time_change

events.file_operations.link

boolean

query

False

Filter by events.file_operations.link

events.file_operations.write

boolean

query

False

Filter by events.file_operations.write

events.file_operations.rename

boolean

query

False

Filter by events.file_operations.rename

events.file_operations.delete_dir

boolean

query

False

Filter by events.file_operations.delete_dir

events.file_operations.delete

boolean

query

False

Filter by events.file_operations.delete

events.file_operations.setattr

boolean

query

False

Filter by events.file_operations.setattr

events.file_operations.close

boolean

query

False

Filter by events.file_operations.close

events.file_operations.open

boolean

query

False

Filter by events.file_operations.open

events.file_operations.create_dir

boolean

query

False

Filter by events.file_operations.create_dir

events.file_operations.rename_dir

boolean

query

False

Filter by events.file_operations.rename_dir

events.file_operations.create

boolean

query

False

Filter by events.file_operations.create

events.file_operations.read

boolean

query

False

Filter by events.file_operations.read

events.file_operations.getattr

boolean

query

False

Filter by events.file_operations.getattr

events.file_operations.lookup

boolean

query

False

Filter by events.file_operations.lookup

events.file_operations.symlink

boolean

query

False

Filter by events.file_operations.symlink

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

  • Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

  • Default value: 1

  • Max value: 120

  • Min value: 0

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok
Name Type Description

_links

_links

num_records

integer

Number of records

records

array[fpolicy]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "engines": [
        {
          "name": "fp_ex_eng",
          "port": 9876,
          "primary_servers": [
            "10.132.145.20",
            "10.140.101.109"
          ],
          "secondary_servers": [
            "10.132.145.20",
            "10.132.145.21"
          ],
          "type": "string"
        }
      ],
      "events": [
        {
          "name": "event_nfs_close",
          "protocol": "string"
        }
      ],
      "policies": [
        {
          "engine": {
            "_links": {
              "self": {
                "href": "/api/resourcelink"
              }
            },
            "name": "string"
          },
          "events": [
            "event_nfs_close",
            "event_open"
          ],
          "name": "fp_policy_1",
          "scope": {
            "exclude_export_policies": [
              "string"
            ],
            "exclude_extension": [
              "string"
            ],
            "exclude_shares": [
              "string"
            ],
            "exclude_volumes": [
              "vol1",
              "vol_svm1",
              "*"
            ],
            "include_export_policies": [
              "string"
            ],
            "include_extension": [
              "string"
            ],
            "include_shares": [
              "sh1",
              "share_cifs"
            ],
            "include_volumes": [
              "vol1",
              "vol_svm1"
            ]
          }
        }
      ],
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      }
    }
  ]
}

Error

Status: Default, Error
Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

next

href

self

href

Name Type Description

self

href

fpolicy_engines

The engine defines how ONTAP makes and manages connections to external FPolicy servers.

Name Type Description

name

string

Specifies the name to assign to the external server configuration.

port

integer

Port number of the FPolicy server application.

primary_servers

array[string]

secondary_servers

array[string]

type

string

The notification mode determines what ONTAP does after sending notifications to FPolicy servers. The possible values are:

  • synchronous - After sending a notification, wait for a response from the FPolicy server.

  • asynchronous - After sending a notification, file request processing continues.

    • Default value: 1

    • enum: ["synchronous", "asynchronous"]

    • Introduced in: 9.10

file_operations

Specifies the file operations for the FPolicy event. You must specify a valid protocol in the protocol parameter. The event will check the operations specified from all client requests using the protocol.

Name Type Description

close

boolean

File close operations

create

boolean

File create operations

create_dir

boolean

Directory create operations

delete

boolean

File delete operations

delete_dir

boolean

Directory delete operations

getattr

boolean

Get attribute operations

link

boolean

Link operations

lookup

boolean

Lookup operations

open

boolean

File open operations

read

boolean

File read operations

rename

boolean

File rename operations

rename_dir

boolean

Directory rename operations

setattr

boolean

Set attribute operations

symlink

boolean

Symbolic link operations

write

boolean

File write operations

filters

Specifies the list of filters for a given file operation for the specified protocol. When you specify the filters, you must specify the valid protocols and a valid file operations.

Name Type Description

close_with_modification

boolean

Filter the client request for close with modification.

close_with_read

boolean

Filter the client request for close with read.

close_without_modification

boolean

Filter the client request for close without modification.

exclude_directory

boolean

Filter the client requests for directory operations. When this filter is specified directory operations are not monitored.

first_read

boolean

Filter the client requests for the first-read.

first_write

boolean

Filter the client requests for the first-write.

monitor_ads

boolean

Filter the client request for alternate data stream.

offline_bit

boolean

Filter the client request for offline bit set. FPolicy server receives notification only when offline files are accessed.

open_with_delete_intent

boolean

Filter the client request for open with delete intent.

open_with_write_intent

boolean

Filter the client request for open with write intent.

setattr_with_access_time_change

boolean

Filter the client setattr requests for changing the access time of a file or directory.

setattr_with_allocation_size_change

boolean

Filter the client setattr requests for changing the allocation size of a file.

setattr_with_creation_time_change

boolean

Filter the client setattr requests for changing the creation time of a file or directory.

setattr_with_dacl_change

boolean

Filter the client setattr requests for changing dacl on a file or directory.

setattr_with_group_change

boolean

Filter the client setattr requests for changing group of a file or directory.

setattr_with_mode_change

boolean

Filter the client setattr requests for changing the mode bits on a file or directory.

setattr_with_modify_time_change

boolean

Filter the client setattr requests for changing the modification time of a file or directory.

setattr_with_owner_change

boolean

Filter the client setattr requests for changing owner of a file or directory.

setattr_with_sacl_change

boolean

Filter the client setattr requests for changing sacl on a file or directory.

setattr_with_size_change

boolean

Filter the client setattr requests for changing the size of a file.

write_with_size_change

boolean

Filter the client request for write with size change.

fpolicy_events

The information that a FPolicy process needs to determine what file access operations to monitor and for which of the monitored events notifications should be sent to the external FPolicy server.

Name Type Description

file_operations

file_operations

Specifies the file operations for the FPolicy event. You must specify a valid protocol in the protocol parameter. The event will check the operations specified from all client requests using the protocol.

filters

filters

Specifies the list of filters for a given file operation for the specified protocol. When you specify the filters, you must specify the valid protocols and a valid file operations.

name

string

Specifies the name of the FPolicy event.

protocol

string

Protocol for which event is created. If you specify protocol, then you must also specify a valid value for the file operation parameters. The value of this parameter must be one of the following:

  • cifs - for the CIFS protocol.

  • nfsv3 - for the NFSv3 protocol.

  • nfsv4 - for the NFSv4 protocol.

volume_monitoring

boolean

Specifies whether volume operation monitoring is required.

fpolicy_engine_reference

FPolicy external engine

Name Type Description

_links

_links

name

string

The name of the FPolicy external engine.

fpolicy_event_reference

FPolicy events

Name Type Description

_links

_links

name

string

scope

Name Type Description

exclude_export_policies

array[string]

exclude_extension

array[string]

exclude_shares

array[string]

exclude_volumes

array[string]

include_export_policies

array[string]

include_extension

array[string]

include_shares

array[string]

include_volumes

array[string]

fpolicy_policies

Name Type Description

enabled

boolean

Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled.

engine

fpolicy_engine_reference

FPolicy external engine

events

array[fpolicy_event_reference]

mandatory

boolean

Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances.

name

string

Specifies the name of the policy.

priority

integer

Specifies the priority that is assigned to this policy.

scope

scope

svm

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

fpolicy

FPolicy is an infrastructure component of ONTAP that enables partner applications connected to your storage systems to monitor and set file access permissions. Every time a client accesses a file from a storage system, based on the configuration of FPolicy, the partner application is notified about file access.

Name Type Description

_links

_links

engines

array[fpolicy_engines]

events

array[fpolicy_events]

policies

array[fpolicy_policies]

svm

svm

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.