Retrieve the FPolicy configuration for an SVM
GET /protocols/fpolicy/{svm.uuid}
Retrieves an FPolicy configuration of an SVM.
Related ONTAP commands
-
fpolicy show
-
fpolicy policy show
-
fpolicy policy scope show
-
fpolicy policy event show
-
fpolicy policy external-engine show
Learn more
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
fields |
array[string] |
query |
False |
Specify the fields to return. |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links |
||
engines |
array[fpolicy_engine] |
|
events |
array[fpolicy_event] |
|
policies |
array[fpolicy_policy] |
|
svm |
Example response
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"engines": [
{
"name": "fp_ex_eng",
"port": 9876,
"primary_servers": [
"10.132.145.20",
"10.140.101.109"
],
"secondary_servers": [
"10.132.145.20",
"10.132.145.21"
],
"type": "string"
}
],
"events": [
{
"name": "event_nfs_close",
"protocol": "string"
}
],
"policies": [
{
"engine": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "string"
},
"events": [
"event_nfs_close",
"event_open"
],
"name": "fp_policy_1",
"scope": {
"exclude_export_policies": [
"string"
],
"exclude_extension": [
"string"
],
"exclude_shares": [
"string"
],
"exclude_volumes": [
"vol1",
"vol_svm1",
"*"
],
"include_export_policies": [
"string"
],
"include_extension": [
"string"
],
"include_shares": [
"sh1",
"share_cifs"
],
"include_volumes": [
"vol1",
"vol_svm1"
]
}
}
],
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
Error
Status: Default, Error
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
self |
fpolicy_engine
The engine defines how ONTAP makes and manages connections to external FPolicy servers.
Name | Type | Description |
---|---|---|
name |
string |
Specifies the name to assign to the external server configuration. |
port |
integer |
Port number of the FPolicy server application. |
primary_servers |
array[string] |
|
secondary_servers |
array[string] |
|
type |
string |
The notification mode determines what ONTAP does after sending notifications to FPolicy servers. The possible values are:
|
file_operations
Specifies the file operations for the FPolicy event. You must specify a valid protocol in the protocol parameter. The event will check the operations specified from all client requests using the protocol.
Name | Type | Description |
---|---|---|
close |
boolean |
File close operations |
create |
boolean |
File create operations |
create_dir |
boolean |
Directory create operations |
delete |
boolean |
File delete operations |
delete_dir |
boolean |
Directory delete operations |
getattr |
boolean |
Get attribute operations |
link |
boolean |
Link operations |
lookup |
boolean |
Lookup operations |
open |
boolean |
File open operations |
read |
boolean |
File read operations |
rename |
boolean |
File rename operations |
rename_dir |
boolean |
Directory rename operations |
setattr |
boolean |
Set attribute operations |
symlink |
boolean |
Symbolic link operations |
write |
boolean |
File write operations |
filters
Specifies the list of filters for a given file operation for the specified protocol. When you specify the filters, you must specify the valid protocols and a valid file operations.
Name | Type | Description |
---|---|---|
close_with_modification |
boolean |
Filter the client request for close with modification. |
close_with_read |
boolean |
Filter the client request for close with read. |
close_without_modification |
boolean |
Filter the client request for close without modification. |
exclude_directory |
boolean |
Filter the client requests for directory operations. When this filter is specified directory operations are not monitored. |
first_read |
boolean |
Filter the client requests for the first-read. |
first_write |
boolean |
Filter the client requests for the first-write. |
monitor_ads |
boolean |
Filter the client request for alternate data stream. |
offline_bit |
boolean |
Filter the client request for offline bit set. FPolicy server receives notification only when offline files are accessed. |
open_with_delete_intent |
boolean |
Filter the client request for open with delete intent. |
open_with_write_intent |
boolean |
Filter the client request for open with write intent. |
setattr_with_access_time_change |
boolean |
Filter the client setattr requests for changing the access time of a file or directory. |
setattr_with_allocation_size_change |
boolean |
Filter the client setattr requests for changing the allocation size of a file. |
setattr_with_creation_time_change |
boolean |
Filter the client setattr requests for changing the creation time of a file or directory. |
setattr_with_dacl_change |
boolean |
Filter the client setattr requests for changing dacl on a file or directory. |
setattr_with_group_change |
boolean |
Filter the client setattr requests for changing group of a file or directory. |
setattr_with_mode_change |
boolean |
Filter the client setattr requests for changing the mode bits on a file or directory. |
setattr_with_modify_time_change |
boolean |
Filter the client setattr requests for changing the modification time of a file or directory. |
setattr_with_owner_change |
boolean |
Filter the client setattr requests for changing owner of a file or directory. |
setattr_with_sacl_change |
boolean |
Filter the client setattr requests for changing sacl on a file or directory. |
setattr_with_size_change |
boolean |
Filter the client setattr requests for changing the size of a file. |
write_with_size_change |
boolean |
Filter the client request for write with size change. |
fpolicy_event
The information that a FPolicy process needs to determine what file access operations to monitor and for which of the monitored events notifications should be sent to the external FPolicy server.
Name | Type | Description |
---|---|---|
file_operations |
Specifies the file operations for the FPolicy event. You must specify a valid protocol in the protocol parameter. The event will check the operations specified from all client requests using the protocol. |
|
filters |
Specifies the list of filters for a given file operation for the specified protocol. When you specify the filters, you must specify the valid protocols and a valid file operations. |
|
name |
string |
Specifies the name of the FPolicy event. |
protocol |
string |
Protocol for which event is created. If you specify protocol, then you must also specify a valid value for the file operation parameters. The value of this parameter must be one of the following:
|
volume_monitoring |
boolean |
Specifies whether volume operation monitoring is required. |
fpolicy_engine_reference
FPolicy external engine
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the FPolicy external engine. |
fpolicy_event_reference
FPolicy events
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
scope
Name | Type | Description |
---|---|---|
exclude_export_policies |
array[string] |
|
exclude_extension |
array[string] |
|
exclude_shares |
array[string] |
|
exclude_volumes |
array[string] |
|
include_export_policies |
array[string] |
|
include_extension |
array[string] |
|
include_shares |
array[string] |
|
include_volumes |
array[string] |
fpolicy_policy
Name | Type | Description |
---|---|---|
enabled |
boolean |
Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled. |
engine |
FPolicy external engine |
|
events |
array[fpolicy_event_reference] |
|
mandatory |
boolean |
Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances. |
name |
string |
Specifies the name of the policy. |
priority |
integer |
Specifies the priority that is assigned to this policy. |
scope |
svm
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |