Skip to main content
A newer release of this product is available.

Update an FPolicy configuration for an SVM

Contributors

PATCH /protocols/fpolicy/{svm.uuid}/policies/{name}

Introduced In: 9.6

Updates a particular FPolicy policy configuration for a specified SVM. PATCH can be used to enable or disable the policy. When enabling a policy, you must specify the policy priority. The policy priority of the policy is not required when disabling the policy. If the policy is enabled, the FPolicy policy engine cannot be modified.

  • fpolicy policy modify

  • fpolicy policy scope modify

  • fpolicy enable

  • fpolicy disable

Parameters

Name Type In Required Description

name

string

path

True

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Request Body

Name Type Description

enabled

boolean

Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled.

engine

fpolicy_engine_reference

FPolicy external engine

events

array[fpolicy_event_reference]

mandatory

boolean

Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances.

name

string

Specifies the name of the policy.

passthrough_read

boolean

Specifies whether passthrough-read should be allowed for FPolicy servers registered for the policy. Passthrough-read is a way to read data for offline files without restoring the files to primary storage. Offline files are files that have been moved to secondary storage.

priority

integer

Specifies the priority that is assigned to this policy.

privileged_user

string

Specifies the privileged user name for accessing files on the cluster using a separate data channel with privileged access. The input for this field should be in "domain\username" format.

scope

scope

svm

svm

Example request
{
  "engine": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "string"
  },
  "events": [
    "event_nfs_close",
    "event_open"
  ],
  "name": "fp_policy_1",
  "privileged_user": "mydomain\\testuser",
  "scope": {
    "exclude_export_policies": [
      "string"
    ],
    "exclude_extension": [
      "string"
    ],
    "exclude_shares": [
      "string"
    ],
    "exclude_volumes": [
      "vol1",
      "vol_svm1",
      "*"
    ],
    "include_export_policies": [
      "string"
    ],
    "include_extension": [
      "string"
    ],
    "include_shares": [
      "sh1",
      "share_cifs"
    ],
    "include_volumes": [
      "vol1",
      "vol_svm1"
    ]
  },
  "svm": {
    "uuid": "string"
  }
}

Response

Status: 200, Ok

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

9765026

The priority must be specified when enabling the FPolicy policy

9765025

Cannot disable an FPolicy policy when the priority is specified

9764899

Cannot modify an FPolicy engine when the policy is enabled

9764899

Deletion of a cluster policy is not supported

9764908

An FPolicy policy is already enabled

9764907

An FPolicy policy is already disabled

9765029

An FPolicy was modified but disable/enable failed as the policy is already disabled/enabled

9765036

Cannot modify an FPolicy policy as passthrough-read policies are not supported without privileged user

9765038

Passthrough-read policies are not supported with an external engine of type "asynchronous"

9765039

Passthrough-read policies are not supported with native engine

9765040

Cannot modify an FPolicy policy as passthrough-read could not be enabled/disabled when the policy is enabled

Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

self

href

fpolicy_engine_reference

FPolicy external engine

Name Type Description

_links

_links

name

string

The name of the FPolicy external engine.

fpolicy_event_reference

FPolicy events

Name Type Description

_links

_links

name

string

scope

Name Type Description

check_extensions_on_directories

boolean

Specifies whether the file name extension checks also apply to directory objects. If this parameter is set to true, the directory objects are subjected to the same extension checks as regular files. If this parameter is set to false, the directory names are not matched for extensions and notifications are sent for directories even if their name extensions do not match. Default is false.

exclude_export_policies

array[string]

exclude_extension

array[string]

exclude_shares

array[string]

exclude_volumes

array[string]

include_export_policies

array[string]

include_extension

array[string]

include_shares

array[string]

include_volumes

array[string]

object_monitoring_with_no_extension

boolean

Specifies whether the extension checks also apply to objects with no extension. If this parameter is set to true, all objects with or without extensions are monitored. Default is false.

svm

Name Type Description

uuid

string

SVM UUID

fpolicy_policy

Name Type Description

enabled

boolean

Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled.

engine

fpolicy_engine_reference

FPolicy external engine

events

array[fpolicy_event_reference]

mandatory

boolean

Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances.

name

string

Specifies the name of the policy.

passthrough_read

boolean

Specifies whether passthrough-read should be allowed for FPolicy servers registered for the policy. Passthrough-read is a way to read data for offline files without restoring the files to primary storage. Offline files are files that have been moved to secondary storage.

priority

integer

Specifies the priority that is assigned to this policy.

privileged_user

string

Specifies the privileged user name for accessing files on the cluster using a separate data channel with privileged access. The input for this field should be in "domain\username" format.

scope

scope

svm

svm

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.