Skip to main content
A newer release of this product is available.

Create an export policy rule

Contributors

POST /protocols/nfs/export-policies/{policy.id}/rules

Introduced In: 9.6

Creates an export policy rule.

Required properties

  • policy.id - Existing export policy for which to create an export rule.

  • clients.match - List of clients (hostnames, ipaddresses, netgroups, domains) to which the export rule applies.

  • ro_rule - Used to specify the security type for read-only access to volumes that use the export rule.

  • rw_rule - Used to specify the security type for read-write access to volumes that use the export rule.

Default property values

If not specified in POST, the following default property values are assigned:

  • protocols - any

  • anonymous_user - none

  • superuser - any

  • allow_device_creation - true

  • ntfs_unix_security - fail

  • chown_mode - restricted

  • allow_suid - true

  • vserver export-policy rule create

Parameters

Name Type In Required Description

policy.id

integer

path

True

Export Policy ID

return_records

boolean

query

False

The default is false. If set to true, the records are returned.

  • Default value:

Request Body

Name Type Description

_links

_links

allow_device_creation

boolean

Specifies whether or not device creation is allowed.

allow_suid

boolean

Specifies whether or not SetUID bits in SETATTR Op is to be honored.

anonymous_user

string

User ID To Which Anonymous Users Are Mapped.

chown_mode

string

Specifies who is authorized to change the ownership mode of a file.

clients

array[export_clients]

Array of client matches

index

integer

Index of the rule within the export policy.

ntfs_unix_security

string

NTFS export UNIX security options.

policy

policy

protocols

array[string]

ro_rule

array[string]

Authentication flavors that the read-only access rule governs

rw_rule

array[string]

Authentication flavors that the read/write access rule governs

superuser

array[string]

Authentication flavors that the superuser security type governs

svm

svm

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "anonymous_user": "string",
  "chown_mode": "string",
  "clients": [
    {
      "match": "0.0.0.0/0"
    }
  ],
  "index": 0,
  "ntfs_unix_security": "string",
  "policy": {
    "name": "string"
  },
  "protocols": [
    "string"
  ],
  "ro_rule": [
    "string"
  ],
  "rw_rule": [
    "string"
  ],
  "superuser": [
    "string"
  ],
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 201, Created
Name Type Description

_links

_links

num_records

integer

Number of Export Rule records

records

array[export_rule]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "anonymous_user": "string",
      "chown_mode": "string",
      "clients": [
        {
          "match": "0.0.0.0/0"
        }
      ],
      "index": 0,
      "ntfs_unix_security": "string",
      "policy": {
        "name": "string"
      },
      "protocols": [
        "string"
      ],
      "ro_rule": [
        "string"
      ],
      "rw_rule": [
        "string"
      ],
      "superuser": [
        "string"
      ],
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      }
    }
  ]
}

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

1703954

Export policy does not exist

1704036

Invalid clientmatch: missing domain name

1704037

Invalid clientmatch: missing network name

1704038

Invalid clientmatch: missing netgroup name

1704039

Invalid clientmatch

1704040

Invalid clientmatch: address bytes masked out by netmask are non-zero

1704041

Invalid clientmatch: address bytes masked to zero by netmask

1704042

Invalid clientmatch: too many bits in netmask

1704043

Invalid clientmatch: invalid netmask

1704044

Invalid clientmatch: invalid characters in host name

1704045

Invalid clientmatch: invalid characters in domain name

1704050

Invalid clientmatch: clientmatch list contains a duplicate string. Duplicate strings in a clientmatch list are not supported

1704051

Warning: Not adding any new strings to the clientmatch field for ruleindex. All of the match strings are already in the clientmatch list

1704064

Clientmatch host name too long

1704065

Clientmatch domain name too long

3277000

Upgrade all nodes to Data ONTAP 9.0.0 or above to use krb5p as a security flavor in export-policy rules

3277083

User ID is not valid. Enter a value for User ID from 0 to 4294967295

Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

self

href

export_clients

Name Type Description

match

string

Client Match Hostname, IP Address, Netgroup, or Domain. You can specify the match as a string value in any of the following formats:

  • As a hostname; for instance, host1

  • As an IPv4 address; for instance, 10.1.12.24

  • As an IPv6 address; for instance, fd20:8b1e:b255:4071::100:1

  • As an IPv4 address with a subnet mask expressed as a number of bits; for instance, 10.1.12.0/24

  • As an IPv6 address with a subnet mask expressed as a number of bits; for instance, fd20:8b1e:b255:4071::/64

  • As an IPv4 address with a network mask; for instance, 10.1.16.0/255.255.255.0

  • As a netgroup, with the netgroup name preceded by the @ character; for instance, @eng

  • As a domain name preceded by the . character; for instance, .example.com

policy

Name Type Description

id

integer

Export policy ID

name

string

Export policy name

svm

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

export_rule

Name Type Description

_links

_links

allow_device_creation

boolean

Specifies whether or not device creation is allowed.

allow_suid

boolean

Specifies whether or not SetUID bits in SETATTR Op is to be honored.

anonymous_user

string

User ID To Which Anonymous Users Are Mapped.

chown_mode

string

Specifies who is authorized to change the ownership mode of a file.

clients

array[export_clients]

Array of client matches

index

integer

Index of the rule within the export policy.

ntfs_unix_security

string

NTFS export UNIX security options.

policy

policy

protocols

array[string]

ro_rule

array[string]

Authentication flavors that the read-only access rule governs

rw_rule

array[string]

Authentication flavors that the read/write access rule governs

superuser

array[string]

Authentication flavors that the superuser security type governs

svm

svm

Name Type Description

next

href

self

href

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.