REST API reference
Create the FPolicy configuration for an SVM
Suggest changes
PDFs
POST /protocols/fpolicy/{svm.uuid}/policies
Creates an FPolicy policy configuration for the specified SVM. To create an FPolicy policy, you must specify the policy scope and the FPolicy events to be monitored.
Important notes:
-
A single policy can monitor multiple events.
-
An FPolicy engine is an optional field whose default value is set to native. A native engine can be used to simply block the file access based on the file extensions specified in the policy scope.
-
To enable a policy, the policy priority must be specified. If the priority is not specified, the policy is created but it is not enabled.
-
The "mandatory" field, if set to true, blocks the file access when the primary or secondary FPolicy servers are down.
Required properties
-
svm.uuid- Existing SVM in which to create the FPolicy policy. -
events- Name of the events to monitior. -
name- Name of the FPolicy policy. -
scope- Scope of the policy. Can be limited to exports, volumes, shares or file extensions. -
priority- Priority of the policy (ranging from 1 to 10).
Default property values
-
mandatory- true -
engine- native
Related ONTAP commands
-
fpolicy policy scope create -
fpolicy policy create -
fpolicy enable
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned. |
svm.uuid |
string |
path |
True |
UUID of the SVM to which this object belongs. |
Request Body
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled. |
engine |
FPolicy external engine |
|
events |
array[fpolicy_event_reference] |
|
mandatory |
boolean |
Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances. |
name |
string |
Specifies the name of the policy. |
priority |
integer |
Specifies the priority that is assigned to this policy. |
scope |
Example request
{
"engine": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
}
},
"events": [
"event_nfs_close",
"event_open"
],
"name": "fp_policy_1",
"scope": {
"exclude_export_policies": {
},
"exclude_extension": {
},
"exclude_shares": {
},
"exclude_volumes": [
"vol1",
"vol_svm1",
"*"
],
"include_export_policies": {
},
"include_extension": {
},
"include_shares": [
"sh1",
"share_cifs"
],
"include_volumes": [
"vol1",
"vol_svm1"
]
}
}Response
Status: 201, Created| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of Records |
records |
array[fpolicy_policy] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": {
"engine": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
}
},
"events": [
"event_nfs_close",
"event_open"
],
"name": "fp_policy_1",
"scope": {
"exclude_export_policies": {
},
"exclude_extension": {
},
"exclude_shares": {
},
"exclude_volumes": [
"vol1",
"vol_svm1",
"*"
],
"include_export_policies": {
},
"include_extension": {
},
"include_shares": [
"sh1",
"share_cifs"
],
"include_volumes": [
"vol1",
"vol_svm1"
]
}
}
}Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
9765027 |
FPolicy creation is successful but it cannot be enabled as the priority is already in use by another policy |
9764898 |
An FPolicy policy cannot be created without defining its scope |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
fpolicy_engine_reference
FPolicy external engine
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the FPolicy external engine. |
fpolicy_event_reference
FPolicy events
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
scope
| Name | Type | Description |
|---|---|---|
exclude_export_policies |
array[string] |
|
exclude_extension |
array[string] |
|
exclude_shares |
array[string] |
|
exclude_volumes |
array[string] |
|
include_export_policies |
array[string] |
|
include_extension |
array[string] |
|
include_shares |
array[string] |
|
include_volumes |
array[string] |
fpolicy_policy
| Name | Type | Description |
|---|---|---|
enabled |
boolean |
Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled. |
engine |
FPolicy external engine |
|
events |
array[fpolicy_event_reference] |
|
mandatory |
boolean |
Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances. |
name |
string |
Specifies the name of the policy. |
priority |
integer |
Specifies the priority that is assigned to this policy. |
scope |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |