Retrieve an applied group policy object for an SVM

05/08/2024 Contributors

PDFs

GET /protocols/cifs/group-policies/{svm.uuid}/objects/{index}

Introduced In: 9.12

Retrieves applied group policy object for specified SVM.

vserver cifs group-policy show-applied

Parameters

Name	Type	In	Required	Description
index	integer	path	True	Restricted group index.
svm.uuid	string	path	True	UUID of the SVM to which this object belongs.
fields	array[string]	query	False	Specify the fields to return.

Name

Type

Required

Description

index

integer

path

True

Restricted group index.

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

fields

array[string]

query

False

Specify the fields to return.

Response

Status: 200, Ok

Name	Type	Description
central_access_policy_settings	array[string]	List of central access policies.
central_access_policy_staging_audit_type	string	Types of events to be audited.
enabled	boolean	Specifies whether group policies are enabled for the SVM.
extensions	array[string]	List of extensions.
file_system_path	string	File system path.
index	integer	Group policy object index.
ldap_path	string	LDAP path to the GPO.
link	string	Link info.
name	string
registry_settings	group_policy_object_registry_setting
security_settings	group_policy_object_security_setting
svm	svm	Will not be populated for objects that are yet to be applied.
uuid	string	Policy UUID.
version	integer	Group policy object version.

Name

Type

Description

central_access_policy_settings

array[string]

List of central access policies.

central_access_policy_staging_audit_type

string

Types of events to be audited.

enabled

boolean

Specifies whether group policies are enabled for the SVM.

extensions

array[string]

List of extensions.

file_system_path

string

File system path.

index

integer

Group policy object index.

ldap_path

string

LDAP path to the GPO.

link

string

Link info.

name

string

registry_settings

group_policy_object_registry_setting

security_settings

group_policy_object_security_setting

svm

Will not be populated for objects that are yet to be applied.

uuid

string

Policy UUID.

version

integer

Group policy object version.

Example response

{
  "central_access_policy_settings": [
    "p1",
    "p2"
  ],
  "central_access_policy_staging_audit_type": "none",
  "extensions": [
    "audit",
    "security"
  ],
  "file_system_path": "\\test.com\\SysVol\\test.com\\policies\\{42474212-3f9d-4489-ae01-6fcf4f805d4c}",
  "index": 1,
  "ldap_path": "cn={42474212-3f9d-4489-ae01-6fcf4f805d4c},cn=policies,cn=system,DC=TEST,DC=COM",
  "link": "domain",
  "name": "test_policy",
  "registry_settings": {
    "branchcache": {
      "hash_publication_mode": "disabled",
      "supported_hash_version": "version1"
    },
    "refresh_time_interval": "P15M",
    "refresh_time_random_offset": "P1D"
  },
  "security_settings": {
    "event_audit_settings": {
      "logon_type": "failure",
      "object_access_type": "failure"
    },
    "event_log_settings": {
      "max_size": 2048,
      "retention_method": "do_not_overwrite"
    },
    "files_or_folders": [
      "/vol1/home",
      "/vol1/dir1"
    ],
    "kerberos": {
      "max_clock_skew": "P15M",
      "max_renew_age": "P2D",
      "max_ticket_age": "P24H"
    },
    "privilege_rights": {
      "change_notify_users": [
        "usr1",
        "usr2"
      ],
      "security_privilege_users": [
        "usr1",
        "usr2"
      ],
      "take_ownership_users": [
        "usr1",
        "usr2"
      ]
    },
    "restrict_anonymous": {
      "combined_restriction_for_anonymous_user": "no_access"
    },
    "restricted_groups": [
      "test_grp1",
      "test_grp2"
    ]
  },
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "uuid": "42474212-3f9d-4489-ae01-6fcf4f805d4c",
  "version": 7
}

Error

Status: Default, Error

Name	Type	Description
error	error

Name

Type

Description

error

Example error

{
  "error": {
    "arguments": {
      "code": "string",
      "message": "string"
    },
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

group_policy_object_branchcache

Name	Type	Description
hash_publication_mode	string	Hash publication mode.
supported_hash_version	string	Hash version.

Name

Type

Description

hash_publication_mode

string

Hash publication mode.

supported_hash_version

string

Hash version.

group_policy_object_registry_setting

Name	Type	Description
branchcache	group_policy_object_branchcache
refresh_time_interval	string	Refresh time interval in ISO-8601 format.
refresh_time_random_offset	string	Random offset in ISO-8601 format.

Name

Type

Description

branchcache

group_policy_object_branchcache

refresh_time_interval

string

Refresh time interval in ISO-8601 format.

refresh_time_random_offset

string

Random offset in ISO-8601 format.

group_policy_object_event_audit

Name	Type	Description
logon_type	string	Type of logon event to be audited.
object_access_type	string	Type of object access to be audited.

Name

Type

Description

logon_type

string

Type of logon event to be audited.

object_access_type

string

Type of object access to be audited.

group_policy_object_event_log

Name	Type	Description
max_size	integer	Maximum size of security log, in kilobytes.
retention_method	string	Audit log retention method.

Name

Type

Description

max_size

integer

Maximum size of security log, in kilobytes.

retention_method

string

Audit log retention method.

group_policy_object_kerberos

Name	Type	Description
max_clock_skew	string	Kerberos clock skew in ISO-8601 format.
max_renew_age	string	Kerberos max renew age in ISO-8601 format.
max_ticket_age	string	Kerberos max ticket age in ISO-8601 format.

Name

Type

Description

max_clock_skew

string

Kerberos clock skew in ISO-8601 format.

max_renew_age

string

Kerberos max renew age in ISO-8601 format.

max_ticket_age

string

Kerberos max ticket age in ISO-8601 format.

group_policy_object_privilege_right

Name	Type	Description
change_notify_users	array[string]	Users with traversing bypass privileges.
security_privilege_users	array[string]	Users with security privileges.
take_ownership_users	array[string]	Users who can take ownership of securable objects.

Name

Type

Description

change_notify_users

array[string]

Users with traversing bypass privileges.

security_privilege_users

array[string]

Users with security privileges.

take_ownership_users

array[string]

Users who can take ownership of securable objects.

group_policy_object_registry_value

Name	Type	Description
signing_required	boolean	SMB signing required.

Name

Type

Description

signing_required

boolean

SMB signing required.

group_policy_object_restrict_anonymous

Name	Type	Description
anonymous_access_to_shares_and_named_pipes_restricted	boolean	Restrict anonymous access to shares and named pipes.
combined_restriction_for_anonymous_user	string	Combined restriction for anonymous user.
no_enumeration_of_sam_accounts	boolean	No enumeration of SAM accounts.
no_enumeration_of_sam_accounts_and_shares	boolean	No enumeration of SAM accounts and shares.

Name

Type

Description

anonymous_access_to_shares_and_named_pipes_restricted

boolean

Restrict anonymous access to shares and named pipes.

combined_restriction_for_anonymous_user

string

Combined restriction for anonymous user.

no_enumeration_of_sam_accounts

boolean

No enumeration of SAM accounts.

no_enumeration_of_sam_accounts_and_shares

boolean

No enumeration of SAM accounts and shares.

group_policy_object_security_setting

Name	Type	Description
event_audit_settings	group_policy_object_event_audit
event_log_settings	group_policy_object_event_log
files_or_folders	array[string]	Files/Directories for file security.
kerberos	group_policy_object_kerberos
privilege_rights	group_policy_object_privilege_right
registry_values	group_policy_object_registry_value
restrict_anonymous	group_policy_object_restrict_anonymous
restricted_groups	array[string]	List of restricted groups.

Name

Type

Description

event_audit_settings

group_policy_object_event_audit

event_log_settings

group_policy_object_event_log

files_or_folders

array[string]

Files/Directories for file security.

kerberos

group_policy_object_kerberos

privilege_rights

group_policy_object_privilege_right

registry_values

group_policy_object_registry_value

restrict_anonymous

group_policy_object_restrict_anonymous

restricted_groups

array[string]

List of restricted groups.

href

Name	Type	Description
href	string

Name

Type

Description

href

string

_links

Name	Type	Description
self	href

Name

Type

Description

self

href

svm

Will not be populated for objects that are yet to be applied.

Name	Type	Description
_links	_links
name	string	The name of the SVM.
uuid	string	The unique identifier of the SVM.

Name

Type

Description

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

error_arguments

Name	Type	Description
code	string	Argument code
message	string	Message argument

Name

Type

Description

code

string

Argument code

message

string

Message argument

error

Name	Type	Description
arguments	array[error_arguments]	Message arguments
code	string	Error code
message	string	Error message
target	string	The target parameter that caused the error.

Name

Type

Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.

Retrieve an applied group policy object for an SVM

Creating your file...

Related ONTAP commands

Parameters

Response

Error

Definitions