REST API reference
Create an export policy rule
Suggest changes
PDFs
POST /protocols/nfs/export-policies/{policy.id}/rules
Introduced In: 9.6
Creates an export policy rule.
Required properties
-
policy.id- Existing export policy for which to create an export rule. -
clients.match- List of clients (hostnames, ipaddresses, netgroups, domains) to which the export rule applies. -
ro_rule- Used to specify the security type for read-only access to volumes that use the export rule. -
rw_rule- Used to specify the security type for read-write access to volumes that use the export rule.
Default property values
If not specified in POST, the following default property values are assigned:
-
protocols- any -
anonymous_user- none -
superuser- any -
allow_device_creation- true -
ntfs_unix_security- fail -
chown_mode- restricted -
allow_suid- true
Related ONTAP commands
-
vserver export-policy rule create
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
policy.id |
integer |
path |
True |
Export Policy ID |
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
allow_device_creation |
boolean |
Specifies whether or not device creation is allowed. |
allow_suid |
boolean |
Specifies whether or not SetUID bits in SETATTR Op is to be honored. |
anonymous_user |
string |
User ID To Which Anonymous Users Are Mapped. |
chown_mode |
string |
Specifies who is authorized to change the ownership mode of a file. |
clients |
array[export_client] |
Array of client matches |
index |
integer |
Index of the rule within the export policy. |
ntfs_unix_security |
string |
NTFS export UNIX security options. |
protocols |
array[string] |
|
ro_rule |
array[string] |
Authentication flavors that the read-only access rule governs |
rw_rule |
array[string] |
Authentication flavors that the read/write access rule governs |
superuser |
array[string] |
Authentication flavors that the superuser security type governs |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"anonymous_user": "string",
"chown_mode": "string",
"clients": [
{
"match": "0.0.0.0/0"
}
],
"index": 0,
"ntfs_unix_security": "string",
"protocols": [
"string"
],
"ro_rule": [
"string"
],
"rw_rule": [
"string"
],
"superuser": [
"string"
]
}Response
Status: 201, Created| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of Export Rule records |
records |
array[export_rule] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"anonymous_user": "string",
"chown_mode": "string",
"clients": [
{
"match": "0.0.0.0/0"
}
],
"index": 0,
"ntfs_unix_security": "string",
"protocols": [
"string"
],
"ro_rule": [
"string"
],
"rw_rule": [
"string"
],
"superuser": [
"string"
]
}
]
}Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
1703954 |
Export policy does not exist |
1704036 |
Invalid clientmatch: missing domain name |
1704037 |
Invalid clientmatch: missing network name |
1704038 |
Invalid clientmatch: missing netgroup name |
1704039 |
Invalid clientmatch |
1704040 |
Invalid clientmatch: address bytes masked out by netmask are non-zero |
1704041 |
Invalid clientmatch: address bytes masked to zero by netmask |
1704042 |
Invalid clientmatch: too many bits in netmask |
1704043 |
Invalid clientmatch: invalid netmask |
1704044 |
Invalid clientmatch: invalid characters in host name |
1704045 |
Invalid clientmatch: invalid characters in domain name |
1704050 |
Invalid clientmatch: clientmatch list contains a duplicate string. Duplicate strings in a clientmatch list are not supported |
1704051 |
Warning: Not adding any new strings to the clientmatch field for ruleindex. All of the match strings are already in the clientmatch list |
1704064 |
Clientmatch host name too long |
1704065 |
Clientmatch domain name too long |
3277000 |
Upgrade all nodes to Data ONTAP 9.0.0 or above to use krb5p as a security flavor in export-policy rules |
3277083 |
User ID is not valid. Enter a value for User ID from 0 to 4294967295 |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
export_client
| Name | Type | Description |
|---|---|---|
match |
string |
Client Match Hostname, IP Address, Netgroup, or Domain. You can specify the match as a string value in any of the following formats:
|
export_rule
| Name | Type | Description |
|---|---|---|
_links |
||
allow_device_creation |
boolean |
Specifies whether or not device creation is allowed. |
allow_suid |
boolean |
Specifies whether or not SetUID bits in SETATTR Op is to be honored. |
anonymous_user |
string |
User ID To Which Anonymous Users Are Mapped. |
chown_mode |
string |
Specifies who is authorized to change the ownership mode of a file. |
clients |
array[export_client] |
Array of client matches |
index |
integer |
Index of the rule within the export policy. |
ntfs_unix_security |
string |
NTFS export UNIX security options. |
protocols |
array[string] |
|
ro_rule |
array[string] |
Authentication flavors that the read-only access rule governs |
rw_rule |
array[string] |
Authentication flavors that the read/write access rule governs |
superuser |
array[string] |
Authentication flavors that the superuser security type governs |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |