Skip to main content
REST API reference
A newer release of this product is available.

Create an export policy rule

PDFs

POST /protocols/nfs/export-policies/{policy.id}/rules

Creates an export policy rule.

Required properties

  • policy.id - Existing export policy for which to create an export rule.

  • clients.match - List of clients (hostnames, ipaddresses, netgroups, domains) to which the export rule applies.

  • ro_rule - Used to specify the security type for read-only access to volumes that use the export rule.

  • rw_rule - Used to specify the security type for read-write access to volumes that use the export rule.

Default property values

If not specified in POST, the following default property values are assigned:

  • protocols - any

  • anonymous_user - none

  • superuser - any

  • vserver export-policy rule create

Learn more

Parameters

Name Type In Required Description

policy.id

integer

path

True

Export Policy ID

Request Body

Name Type Description

_links

_links

anonymous_user

string

User ID To Which Anonymous Users Are Mapped.

clients

array[export_client]

Array of client matches

index

integer

Index of the rule within the export policy.

protocols

array[string]

ro_rule

array[string]

Authentication flavors that the read-only access rule governs

rw_rule

array[string]

Authentication flavors that the read/write access rule governs

superuser

array[string]

Authentication flavors that the superuser security type governs
Example request 
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "anonymous_user": "string",
  "clients": [
    {
      "match": "0.0.0.0/0"
    }
  ],
  "index": 0,
  "protocols": [
    "string"
  ],
  "ro_rule": [
    "string"
  ],
  "rw_rule": [
    "string"
  ],
  "superuser": [
    "string"
  ]
}

Response

Status: 201, Created
Name Type Description

_links

_links

num_records

integer

Number of Export Rule records

records

array[export_rule]
Example response 
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "anonymous_user": "string",
      "clients": [
        {
          "match": "0.0.0.0/0"
        }
      ],
      "index": 0,
      "protocols": [
        "string"
      ],
      "ro_rule": [
        "string"
      ],
      "rw_rule": [
        "string"
      ],
      "superuser": [
        "string"
      ]
    }
  ]
}

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

1703954

Export policy does not exist

1704036

Invalid clientmatch: missing domain name

1704037

Invalid clientmatch: missing network name

1704038

Invalid clientmatch: missing netgroup name

1704039

Invalid clientmatch

1704040

Invalid clientmatch: address bytes masked out by netmask are non-zero

1704041

Invalid clientmatch: address bytes masked to zero by netmask

1704042

Invalid clientmatch: too many bits in netmask

1704043

Invalid clientmatch: invalid netmask

1704044

Invalid clientmatch: invalid characters in host name

1704045

Invalid clientmatch: invalid characters in domain name

1704050

Invalid clientmatch: clientmatch list contains a duplicate string. Duplicate strings in a clientmatch list are not supported

1704051

Warning: Not adding any new strings to the clientmatch field for ruleindex. All of the match strings are already in the clientmatch list

1704064

Clientmatch host name too long

1704065

Clientmatch domain name too long

3277000

Upgrade all nodes to Data ONTAP 9.0.0 or above to use krb5p as a security flavor in export-policy rules

3277083

User ID is not valid. Enter a value for User ID from 0 to 4294967295
Name Type Description

error

error
Example error 
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

_links

Name Type Description

self

href

export_client

Name Type Description

match

string

Client Match Hostname, IP Address, Netgroup, or Domain. You can specify the match as a string value in any of the following formats:

  • As a hostname; for instance, host1

  • As an IPv4 address; for instance, 10.1.12.24

  • As an IPv6 address; for instance, fd20:8b1e:b255:4071::100:1

  • As an IPv4 address with a subnet mask expressed as a number of bits; for instance, 10.1.12.0/24

  • As an IPv6 address with a subnet mask expressed as a number of bits; for instance, fd20:8b1e:b255:4071::/64

  • As an IPv4 address with a network mask; for instance, 10.1.16.0/255.255.255.0

  • As a netgroup, with the netgroup name preceded by the @ character; for instance, @eng

  • As a domain name preceded by the . character; for instance, .example.com

export_rule

Name Type Description

_links

_links

anonymous_user

string

User ID To Which Anonymous Users Are Mapped.

clients

array[export_client]

Array of client matches

index

integer

Index of the rule within the export policy.

protocols

array[string]

ro_rule

array[string]

Authentication flavors that the read-only access rule governs

rw_rule

array[string]

Authentication flavors that the read/write access rule governs

superuser

array[string]

Authentication flavors that the superuser security type governs

_links

Name Type Description

next

href

self

href

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.