Skip to main content
A newer release of this product is available.

Retrieve file permissions

Contributors

GET /protocols/file-security/permissions/{svm.uuid}/{path}

Introduced In: 9.9

Retrieves file permissions

  • vserver security file-directory show

Parameters

Name Type In Required Description

path

string

path

True

target path

fields

array[string]

query

False

Specify the fields to return.

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Response

Status: 200, Ok
Name Type Description

access_control

string

An Access Control Level specifies the access control of the task to be applied. Valid values are "file-directory" or "Storage-Level Access Guard (SLAG)". SLAG is used to apply the specified security descriptors with the task for the volume or qtree. Otherwise, the security descriptors are applied on files and directories at the specified path. The value slag is not supported on FlexGroups volumes. The default value is "file-directory".

acls

array[acl]

A discretionary access security list (DACL) identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the access control entries (ACEs) in the object's DACL to determine whether to grant access to it.

control_flags

string

Specifies the control flags in the SD. It is a Hexadecimal Value.

dos_attributes

string

Specifies the file attributes on this file or directory.

effective_style

string

Specifies the effective style of the SD. The following values are supported:

  • unix - UNIX style

  • ntfs - NTFS style

  • mixed - Mixed style

  • unified - Unified style

group

string

Specifies the owner's primary group. You can specify the owner group using either a group name or SID.

group_id

string

Specifies group ID on this file or directory.

ignore_paths

array[string]

Specifies that permissions on this file or directory cannot be replaced.

inode

integer

Specifies the File Inode number.

mode_bits

integer

Specifies the mode bits on this file or directory.

owner

string

Specifies the owner of the SD. You can specify the owner using either a user name or security identifier (SID). The owner of the SD can modify the permissions on the file (or folder) or files (or folders) to which the SD is applied and can give other users the right to take ownership of the object or objects to which the SD is applied.

propagation_mode

string

Specifies how to propagate security settings to child subfolders and files. This setting determines how child files/folders contained within a parent folder inherit access control and audit information from the parent folder. The available values are:

  • propogate - propagate inheritable permissions to all subfolders and files

  • replace - replace existing permissions on all subfolders and files with inheritable permissions

security_style

string

Specifies the security style of the SD. The following values are supported:

  • unix - UNIX style

  • ntfs - NTFS style

  • mixed - Mixed style

  • unified - Unified style

text_dos_attr

string

Specifies the textual format of file attributes on this file or directory.

text_mode_bits

string

Specifies the textual format of mode bits on this file or directory.

user_id

string

Specifies user ID of this file or directory.

Example response
{
  "access_control": "file_directory",
  "acls": [
    {
      "access": "access_allow",
      "access_control": "file_directory",
      "inherited": 1,
      "rights": "full_control",
      "user": "S-1-5-21-2233347455-2266964949-1780268902-69304"
    }
  ],
  "control_flags": "8014",
  "dos_attributes": "10",
  "effective_style": "mixed",
  "group": "S-1-5-21-2233347455-2266964949-1780268902-69700",
  "group_id": "2",
  "ignore_paths": [
    "/dir1/dir2/",
    "/parent/dir3"
  ],
  "inode": 64,
  "mode_bits": 777,
  "owner": "S-1-5-21-2233347455-2266964949-1780268902-69304",
  "propagation_mode": "propagate",
  "security_style": "ntfs",
  "text_dos_attr": "---A----",
  "text_mode_bits": "rwxrwxrwx",
  "user_id": "10"
}

Error

Status: Default, Error
Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

advanced_rights

Specifies the advanced access right controlled by the ACE for the account specified. You can specify more than one "advanced-rights" value by using a comma-delimited list.

Name Type Description

append_data

boolean

Append DAta

delete

boolean

Delete

delete_child

boolean

Delete Child

execute_file

boolean

Execute File

full_control

boolean

Full Control

read_attr

boolean

Read Attributes

read_data

boolean

Read Data

read_ea

boolean

Read Extended Attributes

read_perm

boolean

Read Permissions

synchronize

boolean

Synchronize

write_attr

boolean

Write Attributes

write_data

boolean

Write Data

write_ea

boolean

Write Extended Attributes

write_owner

boolean

Write Owner

write_perm

boolean

Write Permission

apply_to

Specifies where to apply the DACL or SACL entries. You can specify more than one value by using a comma-delimited list.

Name Type Description

files

boolean

Apply to Files

sub_folders

boolean

Apply to all sub-folders

this_folder

boolean

Apply only to this folder

acl

An ACE is an element in an access control list (ACL). An ACL can have zero or more ACEs. Each ACE controls or monitors access to an object by a specified trustee.

Name Type Description

access

string

Specifies whether the ACL is for DACL or SACL. The available values are:

  • access_allow - DACL for allow access

  • access_deny - DACL for deny access

  • access_allowed_callback - CALLBACK for allowed access

  • access_denied_callback - CALLBACK for denied access

  • access_allowed_callback_object - CALLBACK OBJECT for allowed access

  • access_denied_callback_object - CALLBACK OBJECT for denied access

  • system_audit_callback - SYSTEM Audit Callback ace

  • system_audit_callback_object - SYSTEM Audit Callback Object ace

  • system_resource_attribute - SYSTEM Resource Attribute

  • system_scoped_policy_id - SYSTEM Scope Policy ID

  • audit_success - SACL for success access

  • audit_failure - SACL for failure access

  • audit_success_and_failure - SACL for both success and failure access

access_control

string

An Access Control Level specifies the access control of the task to be applied. Valid values are "file-directory" or "Storage-Level Access Guard (SLAG)". SLAG is used to apply the specified security descriptors with the task for the volume or qtree. Otherwise, the security descriptors are applied on files and directories at the specified path. The value slag is not supported on FlexGroups volumes. The default value is "file-directory".

advanced_rights

advanced_rights

Specifies the advanced access right controlled by the ACE for the account specified. You can specify more than one "advanced-rights" value by using a comma-delimited list.

apply_to

apply_to

Specifies where to apply the DACL or SACL entries. You can specify more than one value by using a comma-delimited list.

inherited

boolean

Indicates whether or not the ACE flag is inherited.

rights

string

Specifies the access right controlled by the ACE for the account specified. The "rights" parameter is mutually exclusive with the "advanced_rights" parameter. If you specify the "rights" parameter, you can specify one of the following "rights" values:

user

string

Specifies the account to which the ACE applies. You can specify either name or SID.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.