Skip to main content
A newer release of this product is available.

Create an export policy

Contributors

POST /protocols/nfs/export-policies

Introduced In: 9.6

Creates an export policy. An SVM can have any number of export policies to define rules for which clients can access data exported by the SVM. A policy with no rules prohibits access.

Required properties

  • svm.uuid or svm.name - Existing SVM in which to create an export policy.

  • name - Name of the export policy.

  • rules - Rule(s) of an export policy. Used to create the export rule and populate the export policy with export rules in a single request.

  • rules[].index - If you specify an index number that already matches a rule, the index number of the existing rule is incremented, as are the index numbers of all subsequent rules, either to the end of the list or to an open space in the list. If you do not specify an index number, the new rule is placed at the end of the policy's list.

  • vserver export-policy create

  • vserver export-policy rule create

Parameters

Name Type In Required Description

return_records

boolean

query

False

The default is false. If set to true, the records are returned.

  • Default value:

Request Body

Name Type Description

_links

_links

id

integer

Export Policy ID

name

string

Export Policy Name

rules

array[export_rules]

Rules of the Export Policy.

svm

svm

SVM, applies only to SVM-scoped objects.

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "id": 0,
  "name": "string",
  "rules": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "anonymous_user": "string",
      "chown_mode": "string",
      "clients": [
        {
          "match": "0.0.0.0/0"
        }
      ],
      "ntfs_unix_security": "string",
      "protocols": [
        "string"
      ],
      "ro_rule": [
        "string"
      ],
      "rw_rule": [
        "string"
      ],
      "superuser": [
        "string"
      ]
    }
  ],
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 201, Created
Name Type Description

_links

_links

num_records

integer

The number of export policy records

records

array[export_policy]

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "id": 0,
      "name": "string",
      "rules": [
        {
          "_links": {
            "self": {
              "href": "/api/resourcelink"
            }
          },
          "anonymous_user": "string",
          "chown_mode": "string",
          "clients": [
            {
              "match": "0.0.0.0/0"
            }
          ],
          "ntfs_unix_security": "string",
          "protocols": [
            "string"
          ],
          "ro_rule": [
            "string"
          ],
          "rw_rule": [
            "string"
          ],
          "superuser": [
            "string"
          ]
        }
      ],
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      }
    }
  ]
}

Headers

Name Description Type

Location

Useful for tracking the resource location

string

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

1703952

Invalid ruleset name provided. No spaces allowed in a ruleset name

1703954

Export policy does not exist

1704036

Invalid clientmatch: missing domain name

1704037

Invalid clientmatch: missing network name

1704038

Invalid clientmatch: missing netgroup name

1704039

Invalid clientmatch

1704040

Invalid clientmatch: address bytes masked out by netmask are non-zero

1704041

Invalid clientmatch: address bytes masked to zero by netmask

1704042

Invalid clientmatch: too many bits in netmask

1704043

Invalid clientmatch: invalid netmask

1704044

Invalid clientmatch: invalid characters in host name

1704045

Invalid clientmatch: invalid characters in domain name

1704047

The export policy name cannot be longer than 256 characters

1704049

Invalid clientmatch: clientmatch lists require an effective cluster version of Data ONTAP 9.0 or later. Upgrade all nodes to Data ONTAP 9.0 or above to use features that operate on lists of clientmatch strings in export-policy rules

1704050

Invalid clientmatch: clientmatch list contains a duplicate string. Duplicate strings in a clientmatch list are not supported

1704054

Invalid clientmatch: invalid characters in netgroup name. Valid characters for a netgroup name are 0-9, A-Z, a-z, ".", "_" and "-"

1704055

Export policies are only supported for data Vservers

1704064

Clientmatch host name too long

1704065

Clientmatch domain name too long

3277000

Upgrade all nodes to ONTAP 9.0.0 or above to use krb5p as a security flavor in export-policy rules

3277083

User ID is not valid. Enter a value for User ID from 0 to 4294967295

Name Type Description

error

returned_error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

self

href

export_clients

Name Type Description

match

string

Client Match Hostname, IP Address, Netgroup, or Domain. You can specify the match as a string value in any of the following formats:

  • As a hostname; for instance, host1

  • As an IPv4 address; for instance, 10.1.12.24

  • As an IPv6 address; for instance, fd20:8b1e:b255:4071::100:1

  • As an IPv4 address with a subnet mask expressed as a number of bits; for instance, 10.1.12.0/24

  • As an IPv6 address with a subnet mask expressed as a number of bits; for instance, fd20:8b1e:b255:4071::/64

  • As an IPv4 address with a network mask; for instance, 10.1.16.0/255.255.255.0

  • As a netgroup, with the netgroup name preceded by the @ character; for instance, @eng

  • As a domain name preceded by the . character; for instance, .example.com

export_rules

Name Type Description

_links

_links

allow_device_creation

boolean

Specifies whether or not device creation is allowed.

allow_suid

boolean

Specifies whether or not SetUID bits in SETATTR Op is to be honored.

anonymous_user

string

User ID To Which Anonymous Users Are Mapped.

chown_mode

string

Specifies who is authorized to change the ownership mode of a file.

clients

array[export_clients]

Array of client matches

index

integer

Index of the rule within the export policy.

ntfs_unix_security

string

NTFS export UNIX security options.

protocols

array[string]

ro_rule

array[string]

Authentication flavors that the read-only access rule governs

rw_rule

array[string]

Authentication flavors that the read/write access rule governs

superuser

array[string]

Authentication flavors that the superuser security type governs

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

_links

_links

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

export_policy

Name Type Description

_links

_links

id

integer

Export Policy ID

name

string

Export Policy Name

rules

array[export_rules]

Rules of the Export Policy.

svm

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

next

href

self

href

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

returned_error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.