Retrieve unapplied group policy objects for all SVMs
GET /protocols/cifs/group-policies
Introduced In: 9.12
Retrieves group policy objects that are yet to be applied for all SVMs.
Related ONTAP commands
-
vserver cifs group-policy show-defined
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
registry_settings.branchcache.hash_publication_mode |
string |
query |
False |
Filter by registry_settings.branchcache.hash_publication_mode |
registry_settings.branchcache.supported_hash_version |
string |
query |
False |
Filter by registry_settings.branchcache.supported_hash_version |
registry_settings.refresh_time_interval |
string |
query |
False |
Filter by registry_settings.refresh_time_interval |
registry_settings.refresh_time_random_offset |
string |
query |
False |
Filter by registry_settings.refresh_time_random_offset |
ldap_path |
string |
query |
False |
Filter by ldap_path |
link |
string |
query |
False |
Filter by link |
uuid |
string |
query |
False |
Filter by uuid |
index |
integer |
query |
False |
Filter by index |
version |
integer |
query |
False |
Filter by version |
central_access_policy_settings |
string |
query |
False |
Filter by central_access_policy_settings |
security_settings.event_log_settings.max_size |
integer |
query |
False |
Filter by security_settings.event_log_settings.max_size |
security_settings.event_log_settings.retention_method |
string |
query |
False |
Filter by security_settings.event_log_settings.retention_method |
security_settings.event_audit_settings.logon_type |
string |
query |
False |
Filter by security_settings.event_audit_settings.logon_type |
security_settings.event_audit_settings.object_access_type |
string |
query |
False |
Filter by security_settings.event_audit_settings.object_access_type |
security_settings.privilege_rights.security_privilege_users |
string |
query |
False |
Filter by security_settings.privilege_rights.security_privilege_users |
security_settings.privilege_rights.take_ownership_users |
string |
query |
False |
Filter by security_settings.privilege_rights.take_ownership_users |
security_settings.privilege_rights.change_notify_users |
string |
query |
False |
Filter by security_settings.privilege_rights.change_notify_users |
security_settings.restricted_groups |
string |
query |
False |
Filter by security_settings.restricted_groups |
security_settings.kerberos.max_ticket_age |
string |
query |
False |
Filter by security_settings.kerberos.max_ticket_age |
security_settings.kerberos.max_renew_age |
string |
query |
False |
Filter by security_settings.kerberos.max_renew_age |
security_settings.kerberos.max_clock_skew |
string |
query |
False |
Filter by security_settings.kerberos.max_clock_skew |
security_settings.files_or_folders |
string |
query |
False |
Filter by security_settings.files_or_folders |
security_settings.restrict_anonymous.no_enumeration_of_sam_accounts |
boolean |
query |
False |
Filter by security_settings.restrict_anonymous.no_enumeration_of_sam_accounts |
security_settings.restrict_anonymous.no_enumeration_of_sam_accounts_and_shares |
boolean |
query |
False |
Filter by security_settings.restrict_anonymous.no_enumeration_of_sam_accounts_and_shares |
security_settings.restrict_anonymous.anonymous_access_to_shares_and_named_pipes_restricted |
boolean |
query |
False |
Filter by security_settings.restrict_anonymous.anonymous_access_to_shares_and_named_pipes_restricted |
security_settings.restrict_anonymous.combined_restriction_for_anonymous_user |
string |
query |
False |
Filter by security_settings.restrict_anonymous.combined_restriction_for_anonymous_user |
security_settings.registry_values.signing_required |
boolean |
query |
False |
Filter by security_settings.registry_values.signing_required |
extensions |
string |
query |
False |
Filter by extensions |
svm.uuid |
string |
query |
False |
Filter by svm.uuid |
svm.name |
string |
query |
False |
Filter by svm.name |
file_system_path |
string |
query |
False |
Filter by file_system_path |
name |
string |
query |
False |
Filter by name
|
central_access_policy_staging_audit_type |
string |
query |
False |
Filter by central_access_policy_staging_audit_type |
enabled |
boolean |
query |
False |
Filter by enabled |
fields |
array[string] |
query |
False |
Specify the fields to return. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
max_records |
integer |
query |
False |
Limit the number of records returned. |
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links |
||
num_records |
integer |
Number of central access rules. |
records |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"num_records": 1,
"records": [
{
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"to_be_applied": {
"access_policies": [
{
"create_time": "2018-01-01T12:00:00-04:00",
"description": "policy #1",
"member_rules": [
"r1",
"r2"
],
"name": "p1",
"sid": "S-1-5-21-256008430-3394229847-3930036330-1001",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"update_time": "2018-01-01T12:00:00-04:00"
}
],
"access_rules": [
{
"create_time": "2018-01-01T12:00:00-04:00",
"current_permission": "O:SYG:SYD:AR(A;;FA;;;WD)",
"description": "rule #1",
"name": "p1",
"proposed_permission": "O:SYG:SYD:(A;;FA;;;OW)(A;;FA;;;BA)(A;;FA;;;SY)",
"resource_criteria": "department",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"update_time": "2018-01-01T12:00:00-04:00"
}
],
"objects": [
{
"central_access_policy_settings": [
"p1",
"p2"
],
"central_access_policy_staging_audit_type": "none",
"extensions": [
"audit",
"security"
],
"file_system_path": "\\test.com\\SysVol\\test.com\\policies\\{42474212-3f9d-4489-ae01-6fcf4f805d4c}",
"index": 1,
"ldap_path": "cn={42474212-3f9d-4489-ae01-6fcf4f805d4c},cn=policies,cn=system,DC=TEST,DC=COM",
"link": "domain",
"name": "test_policy",
"registry_settings": {
"branchcache": {
"hash_publication_mode": "disabled",
"supported_hash_version": "version1"
},
"refresh_time_interval": "P15M",
"refresh_time_random_offset": "P1D"
},
"security_settings": {
"event_audit_settings": {
"logon_type": "failure",
"object_access_type": "failure"
},
"event_log_settings": {
"max_size": 2048,
"retention_method": "do_not_overwrite"
},
"files_or_folders": [
"/vol1/home",
"/vol1/dir1"
],
"kerberos": {
"max_clock_skew": "P15M",
"max_renew_age": "P2D",
"max_ticket_age": "P24H"
},
"privilege_rights": {
"change_notify_users": [
"usr1",
"usr2"
],
"security_privilege_users": [
"usr1",
"usr2"
],
"take_ownership_users": [
"usr1",
"usr2"
]
},
"restrict_anonymous": {
"combined_restriction_for_anonymous_user": "no_access"
},
"restricted_groups": [
"test_grp1",
"test_grp2"
]
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"uuid": "42474212-3f9d-4489-ae01-6fcf4f805d4c",
"version": 7
}
],
"restricted_groups": [
{
"group_name": "test_group",
"link": "domain",
"members": [
"DOMAIN/test_user",
"DOMAIN/user2"
],
"memberships": [
"DOMAIN/AdministratorGrp",
"DOMAIN/deptMark"
],
"policy_name": "test_policy",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"version": 7
}
]
}
}
]
}
Error
Status: Default, Error
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
next |
||
self |
_links
Name | Type | Description |
---|---|---|
self |
svm
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
svm
Will not be populated for objects that are yet to be applied.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
group_policy_object_central_access_policy
Name | Type | Description |
---|---|---|
create_time |
string |
Policy creation timestamp. |
description |
string |
Description about the policy. |
member_rules |
array[string] |
Names of all central access rules applied to members. |
name |
string |
|
sid |
string |
Security ID, unique identifier of the central policy. |
svm |
Will not be populated for objects that are yet to be applied. |
|
update_time |
string |
Last policy modification timestamp. |
group_policy_object_central_access_rule
Name | Type | Description |
---|---|---|
create_time |
string |
Policy creation timestamp. |
current_permission |
string |
Effective security policy in security descriptor definition language format. |
description |
string |
Description about the policy. |
name |
string |
|
proposed_permission |
string |
Proposed security policy in security descriptor definition language format. |
resource_criteria |
string |
Criteria to scope resources for which access rules apply. |
svm |
Will not be populated for objects that are yet to be applied. |
|
update_time |
string |
Last policy modification timestamp. |
group_policy_object_branchcache
Name | Type | Description |
---|---|---|
hash_publication_mode |
string |
Hash publication mode. |
supported_hash_version |
string |
Hash version. |
group_policy_object_registry_setting
Name | Type | Description |
---|---|---|
branchcache |
||
refresh_time_interval |
string |
Refresh time interval in ISO-8601 format. |
refresh_time_random_offset |
string |
Random offset in ISO-8601 format. |
group_policy_object_event_audit
Name | Type | Description |
---|---|---|
logon_type |
string |
Type of logon event to be audited. |
object_access_type |
string |
Type of object access to be audited. |
group_policy_object_event_log
Name | Type | Description |
---|---|---|
max_size |
integer |
Maximum size of security log, in kilobytes. |
retention_method |
string |
Audit log retention method. |
group_policy_object_kerberos
Name | Type | Description |
---|---|---|
max_clock_skew |
string |
Kerberos clock skew in ISO-8601 format. |
max_renew_age |
string |
Kerberos max renew age in ISO-8601 format. |
max_ticket_age |
string |
Kerberos max ticket age in ISO-8601 format. |
group_policy_object_privilege_right
Name | Type | Description |
---|---|---|
change_notify_users |
array[string] |
Users with traversing bypass privileges. |
security_privilege_users |
array[string] |
Users with security privileges. |
take_ownership_users |
array[string] |
Users who can take ownership of securable objects. |
group_policy_object_registry_value
Name | Type | Description |
---|---|---|
signing_required |
boolean |
SMB signing required. |
group_policy_object_restrict_anonymous
Name | Type | Description |
---|---|---|
anonymous_access_to_shares_and_named_pipes_restricted |
boolean |
Restrict anonymous access to shares and named pipes. |
combined_restriction_for_anonymous_user |
string |
Combined restriction for anonymous user. |
no_enumeration_of_sam_accounts |
boolean |
No enumeration of SAM accounts. |
no_enumeration_of_sam_accounts_and_shares |
boolean |
No enumeration of SAM accounts and shares. |
group_policy_object_security_setting
Name | Type | Description |
---|---|---|
event_audit_settings |
||
event_log_settings |
||
files_or_folders |
array[string] |
Files/Directories for file security. |
kerberos |
||
privilege_rights |
||
registry_values |
||
restrict_anonymous |
||
restricted_groups |
array[string] |
List of restricted groups. |
group_policy_object
Name | Type | Description |
---|---|---|
central_access_policy_settings |
array[string] |
List of central access policies. |
central_access_policy_staging_audit_type |
string |
Types of events to be audited. |
enabled |
boolean |
Specifies whether group policies are enabled for the SVM. |
extensions |
array[string] |
List of extensions. |
file_system_path |
string |
File system path. |
index |
integer |
Group policy object index. |
ldap_path |
string |
LDAP path to the GPO. |
link |
string |
Link info. |
name |
string |
|
registry_settings |
||
security_settings |
||
svm |
Will not be populated for objects that are yet to be applied. |
|
uuid |
string |
Policy UUID. |
version |
integer |
Group policy object version. |
group_policy_object_restricted_group
Name | Type | Description |
---|---|---|
group_name |
string |
|
link |
string |
Link info. |
members |
array[string] |
Members of the group. |
memberships |
array[string] |
Group is member of Group/OU. |
policy_index |
integer |
Group policy index. |
policy_name |
string |
|
svm |
Will not be populated for objects that are yet to be applied. |
|
version |
integer |
Group policy object version. |
to_be_applied
Name | Type | Description |
---|---|---|
access_policies |
||
access_rules |
||
objects |
array[group_policy_object] |
|
restricted_groups |
policies_and_rules_to_be_applied
Name | Type | Description |
---|---|---|
svm |
||
to_be_applied |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |