Update the SD information

vserver security file-directory ntfs modify

Parameters

Name	Type	In	Required	Description
path	string	path	True	target path
return_timeout	integer	query	False	The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202. Default value: 1 Max value: 120 Min value: 0
svm.uuid	string	path	True	UUID of the SVM to which this object belongs.

Name

Type

In

Required

Description

path

string

path

True

target path

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.

Default value: 1
Max value: 120
Min value: 0

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Request Body

Name	Type	Description
access_control	string	An Access Control Level specifies the access control of the task to be applied. Valid values are "file-directory" or "Storage-Level Access Guard (SLAG)". SLAG is used to apply the specified security descriptors with the task for the volume or qtree. Otherwise, the security descriptors are applied on files and directories at the specified path. The value SLAG is not supported on FlexGroups volumes. The default value is "file-directory" ('-' and '_' are interchangeable).
acls	array[acl]	A discretionary access security list (DACL) identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the access control entries (ACEs) in the object's DACL to determine whether to grant access to it.
control_flags	string	Specifies the control flags in the SD. It is a Hexadecimal Value.
dos_attributes	string	Specifies the file attributes on this file or directory.
effective_style	string	Specifies the effective style of the SD. The following values are supported: unix - UNIX style ntfs - NTFS style mixed - Mixed style unified - Unified style
group	string	Specifies the owner's primary group. You can specify the owner group using either a group name or SID.
group_id	string	Specifies group ID on this file or directory.
ignore_paths	array[string]	Specifies that permissions on this file or directory cannot be replaced.
inode	integer	Specifies the File Inode number.
mode_bits	integer	Specifies the mode bits on this file or directory.
owner	string	Specifies the owner of the SD. You can specify the owner using either a user name or security identifier (SID). The owner of the SD can modify the permissions on the file (or folder) or files (or folders) to which the SD is applied and can give other users the right to take ownership of the object or objects to which the SD is applied.
propagation_mode	string	Specifies how to propagate security settings to child subfolders and files. This setting determines how child files/folders contained within a parent folder inherit access control and audit information from the parent folder. The available values are: propagate - propagate inheritable permissions to all subfolders and files ignore - ignore inheritable permissions replace - replace existing permissions on all subfolders and files with inheritable permissions
security_style	string	Specifies the security style of the SD. The following values are supported: unix - UNIX style ntfs - NTFS style mixed - Mixed style unified - Unified style
text_dos_attr	string	Specifies the textual format of file attributes on this file or directory.
text_mode_bits	string	Specifies the textual format of mode bits on this file or directory.
user_id	string	Specifies user ID of this file or directory.

Name

Type

Description

access_control

string

An Access Control Level specifies the access control of the task to be applied. Valid values are "file-directory" or "Storage-Level Access Guard (SLAG)". SLAG is used to apply the specified security descriptors with the task for the volume or qtree. Otherwise, the security descriptors are applied on files and directories at the specified path. The value SLAG is not supported on FlexGroups volumes. The default value is "file-directory" ('-' and '_' are interchangeable).

acls

array[acl]

A discretionary access security list (DACL) identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the access control entries (ACEs) in the object's DACL to determine whether to grant access to it.

control_flags

string

Specifies the control flags in the SD. It is a Hexadecimal Value.

dos_attributes

string

Specifies the file attributes on this file or directory.

effective_style

string

Specifies the effective style of the SD. The following values are supported:

unix - UNIX style
ntfs - NTFS style
mixed - Mixed style
unified - Unified style

group

string

Specifies the owner's primary group. You can specify the owner group using either a group name or SID.

group_id

string

Specifies group ID on this file or directory.

ignore_paths

array[string]

Specifies that permissions on this file or directory cannot be replaced.

inode

integer

Specifies the File Inode number.

mode_bits

integer

Specifies the mode bits on this file or directory.

owner

string

Specifies the owner of the SD. You can specify the owner using either a user name or security identifier (SID). The owner of the SD can modify the permissions on the file (or folder) or files (or folders) to which the SD is applied and can give other users the right to take ownership of the object or objects to which the SD is applied.

propagation_mode

string

Specifies how to propagate security settings to child subfolders and files. This setting determines how child files/folders contained within a parent folder inherit access control and audit information from the parent folder. The available values are:

propagate - propagate inheritable permissions to all subfolders and files
ignore - ignore inheritable permissions
replace - replace existing permissions on all subfolders and files with inheritable permissions

security_style

string

Specifies the security style of the SD. The following values are supported:

unix - UNIX style
ntfs - NTFS style
mixed - Mixed style
unified - Unified style

text_dos_attr

string

Specifies the textual format of file attributes on this file or directory.

text_mode_bits

string

Specifies the textual format of mode bits on this file or directory.

user_id

string

Specifies user ID of this file or directory.

Example request

{
  "access_control": "file_directory",
  "acls": [
    {
      "access": "access_allow",
      "access_control": "file_directory",
      "inherited": 1,
      "rights": "full_control",
      "user": "S-1-5-21-2233347455-2266964949-1780268902-69304"
    }
  ],
  "control_flags": "8014",
  "dos_attributes": "10",
  "effective_style": "mixed",
  "group": "S-1-5-21-2233347455-2266964949-1780268902-69700",
  "group_id": "2",
  "ignore_paths": [
    "/dir1/dir2/",
    "/parent/dir3"
  ],
  "inode": 64,
  "mode_bits": 777,
  "owner": "S-1-5-21-2233347455-2266964949-1780268902-69304",
  "propagation_mode": "propagate",
  "security_style": "ntfs",
  "text_dos_attr": "---A----",
  "text_mode_bits": "rwxrwxrwx",
  "user_id": "10"
}

Response

Status: 200, Ok

Name	Type	Description
job	job_link

Name

Type

Description

job

job_link

Example response

{
  "job": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "uuid": "string"
  }
}

Response

Status: 202, Accepted

Error

Status: Default

ONTAP Error Response Codes

Error Code	Description
655865	The specified file or directory does not exist.
1260882	Specified SVM not found.
6691623	User is not authorized.
4849676	The specified Windows user or group does not exist.
10485814	The value provided for field control_flags is invalid.

Name	Type	Description
error	returned_error

Name

Type

Description

error

returned_error

Example error

{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

advanced_rights

Specifies the advanced access right controlled by the ACE for the account specified. You can specify more than one "advanced-rights" value by using a comma-delimited list.

Name	Type	Description
append_data	boolean	Append DAta
delete	boolean	Delete
delete_child	boolean	Delete Child
execute_file	boolean	Execute File
full_control	boolean	Full Control
read_attr	boolean	Read Attributes
read_data	boolean	Read Data
read_ea	boolean	Read Extended Attributes
read_perm	boolean	Read Permissions
synchronize	boolean	Synchronize
write_attr	boolean	Write Attributes
write_data	boolean	Write Data
write_ea	boolean	Write Extended Attributes
write_owner	boolean	Write Owner
write_perm	boolean	Write Permission

Name

Type

Description

append_data

boolean

Append DAta

delete

boolean

Delete

delete_child

boolean

Delete Child

execute_file

boolean

Execute File

full_control

boolean

Full Control

read_attr

boolean

Read Attributes

read_data

boolean

Read Data

read_ea

boolean

Read Extended Attributes

read_perm

boolean

Read Permissions

synchronize

boolean

Synchronize

write_attr

boolean

Write Attributes

write_data

boolean

Write Data

write_ea

boolean

Write Extended Attributes

write_owner

boolean

Write Owner

write_perm

boolean

Write Permission

apply_to

Specifies where to apply the DACL or SACL entries. You can specify more than one value by using a comma-delimited list.

Name	Type	Description
files	boolean	Apply to Files
sub_folders	boolean	Apply to all sub-folders
this_folder	boolean	Apply only to this folder

Name

Type

Description

files

boolean

Apply to Files

sub_folders

boolean

Apply to all sub-folders

this_folder

boolean

Apply only to this folder

acl

An ACE is an element in an access control list (ACL). An ACL can have zero or more ACEs. Each ACE controls or monitors access to an object by a specified trustee.

Name	Type	Description
access	string	Specifies whether the ACL is for DACL or SACL. The available values are: access_allow - DACL for allow access access_deny - DACL for deny access access_allowed_callback - CALLBACK for allowed access access_denied_callback - CALLBACK for denied access access_allowed_callback_object - CALLBACK OBJECT for allowed access access_denied_callback_object - CALLBACK OBJECT for denied access system_audit_callback - SYSTEM Audit Callback ace system_audit_callback_object - SYSTEM Audit Callback Object ace system_resource_attribute - SYSTEM Resource Attribute system_scoped_policy_id - SYSTEM Scope Policy ID audit_success - SACL for success access audit_failure - SACL for failure access audit_success_and_failure - SACL for both success and failure access
access_control	string	An Access Control Level specifies the access control of the task to be applied. Valid values are "file-directory" or "Storage-Level Access Guard (SLAG)". SLAG is used to apply the specified security descriptors with the task for the volume or qtree. Otherwise, the security descriptors are applied on files and directories at the specified path. The value SLAG is not supported on FlexGroups volumes. The default value is "file-directory" ('-' and '_' are interchangeable).
advanced_rights	advanced_rights	Specifies the advanced access right controlled by the ACE for the account specified. You can specify more than one "advanced-rights" value by using a comma-delimited list.
apply_to	apply_to	Specifies where to apply the DACL or SACL entries. You can specify more than one value by using a comma-delimited list.
inherited	boolean	Indicates whether or not the ACE flag is inherited.
rights	string	Specifies the access rights controlled by the ACE for the account specified. The "rights" parameter is mutually exclusive with the "advanced_rights" parameter. If you specify the "rights" parameter, you can specify one of the following "rights" values ("-" or "_" is accepted as the delimiter).
user	string	Specifies the account to which the ACE applies. You can specify either name or SID.

Name

Type

Description

access

string

Specifies whether the ACL is for DACL or SACL. The available values are:

access_allow - DACL for allow access
access_deny - DACL for deny access
access_allowed_callback - CALLBACK for allowed access
access_denied_callback - CALLBACK for denied access
access_allowed_callback_object - CALLBACK OBJECT for allowed access
access_denied_callback_object - CALLBACK OBJECT for denied access
system_audit_callback - SYSTEM Audit Callback ace
system_audit_callback_object - SYSTEM Audit Callback Object ace
system_resource_attribute - SYSTEM Resource Attribute
system_scoped_policy_id - SYSTEM Scope Policy ID
audit_success - SACL for success access
audit_failure - SACL for failure access
audit_success_and_failure - SACL for both success and failure access

access_control

string

An Access Control Level specifies the access control of the task to be applied. Valid values are "file-directory" or "Storage-Level Access Guard (SLAG)". SLAG is used to apply the specified security descriptors with the task for the volume or qtree. Otherwise, the security descriptors are applied on files and directories at the specified path. The value SLAG is not supported on FlexGroups volumes. The default value is "file-directory" ('-' and '_' are interchangeable).

advanced_rights

Specifies the advanced access right controlled by the ACE for the account specified. You can specify more than one "advanced-rights" value by using a comma-delimited list.

apply_to

Specifies where to apply the DACL or SACL entries. You can specify more than one value by using a comma-delimited list.

inherited

boolean

Indicates whether or not the ACE flag is inherited.

rights

string

Specifies the access rights controlled by the ACE for the account specified. The "rights" parameter is mutually exclusive with the "advanced_rights" parameter. If you specify the "rights" parameter, you can specify one of the following "rights" values ("-" or "_" is accepted as the delimiter).

user

string

Specifies the account to which the ACE applies. You can specify either name or SID.

file_directory_security

Manages New Technology File System (NTFS) security and NTFS audit policies.

Name	Type	Description
access_control	string	An Access Control Level specifies the access control of the task to be applied. Valid values are "file-directory" or "Storage-Level Access Guard (SLAG)". SLAG is used to apply the specified security descriptors with the task for the volume or qtree. Otherwise, the security descriptors are applied on files and directories at the specified path. The value SLAG is not supported on FlexGroups volumes. The default value is "file-directory" ('-' and '_' are interchangeable).
acls	array[acl]	A discretionary access security list (DACL) identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the access control entries (ACEs) in the object's DACL to determine whether to grant access to it.
control_flags	string	Specifies the control flags in the SD. It is a Hexadecimal Value.
dos_attributes	string	Specifies the file attributes on this file or directory.
effective_style	string	Specifies the effective style of the SD. The following values are supported: unix - UNIX style ntfs - NTFS style mixed - Mixed style unified - Unified style
group	string	Specifies the owner's primary group. You can specify the owner group using either a group name or SID.
group_id	string	Specifies group ID on this file or directory.
ignore_paths	array[string]	Specifies that permissions on this file or directory cannot be replaced.
inode	integer	Specifies the File Inode number.
mode_bits	integer	Specifies the mode bits on this file or directory.
owner	string	Specifies the owner of the SD. You can specify the owner using either a user name or security identifier (SID). The owner of the SD can modify the permissions on the file (or folder) or files (or folders) to which the SD is applied and can give other users the right to take ownership of the object or objects to which the SD is applied.
propagation_mode	string	Specifies how to propagate security settings to child subfolders and files. This setting determines how child files/folders contained within a parent folder inherit access control and audit information from the parent folder. The available values are: propagate - propagate inheritable permissions to all subfolders and files ignore - ignore inheritable permissions replace - replace existing permissions on all subfolders and files with inheritable permissions
security_style	string	Specifies the security style of the SD. The following values are supported: unix - UNIX style ntfs - NTFS style mixed - Mixed style unified - Unified style
text_dos_attr	string	Specifies the textual format of file attributes on this file or directory.
text_mode_bits	string	Specifies the textual format of mode bits on this file or directory.
user_id	string	Specifies user ID of this file or directory.

Name

Type

Description

access_control

string

An Access Control Level specifies the access control of the task to be applied. Valid values are "file-directory" or "Storage-Level Access Guard (SLAG)". SLAG is used to apply the specified security descriptors with the task for the volume or qtree. Otherwise, the security descriptors are applied on files and directories at the specified path. The value SLAG is not supported on FlexGroups volumes. The default value is "file-directory" ('-' and '_' are interchangeable).

acls

array[acl]

A discretionary access security list (DACL) identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the access control entries (ACEs) in the object's DACL to determine whether to grant access to it.

control_flags

string

Specifies the control flags in the SD. It is a Hexadecimal Value.

dos_attributes

string

Specifies the file attributes on this file or directory.

effective_style

string

Specifies the effective style of the SD. The following values are supported:

unix - UNIX style
ntfs - NTFS style
mixed - Mixed style
unified - Unified style

group

string

Specifies the owner's primary group. You can specify the owner group using either a group name or SID.

group_id

string

Specifies group ID on this file or directory.

ignore_paths

array[string]

Specifies that permissions on this file or directory cannot be replaced.

inode

integer

Specifies the File Inode number.

mode_bits

integer

Specifies the mode bits on this file or directory.

owner

string

Specifies the owner of the SD. You can specify the owner using either a user name or security identifier (SID). The owner of the SD can modify the permissions on the file (or folder) or files (or folders) to which the SD is applied and can give other users the right to take ownership of the object or objects to which the SD is applied.

propagation_mode

string

Specifies how to propagate security settings to child subfolders and files. This setting determines how child files/folders contained within a parent folder inherit access control and audit information from the parent folder. The available values are:

propagate - propagate inheritable permissions to all subfolders and files
ignore - ignore inheritable permissions
replace - replace existing permissions on all subfolders and files with inheritable permissions

security_style

string

Specifies the security style of the SD. The following values are supported:

unix - UNIX style
ntfs - NTFS style
mixed - Mixed style
unified - Unified style

text_dos_attr

string

Specifies the textual format of file attributes on this file or directory.

text_mode_bits

string

Specifies the textual format of mode bits on this file or directory.

user_id

string

Specifies user ID of this file or directory.

href

Name	Type	Description
href	string

Name

Type

Description

href

string

_links

Name	Type	Description
self	href

Name

Type

Description

self

href

job_link

Name	Type	Description
_links	_links
uuid	string	The UUID of the asynchronous job that is triggered by a POST, PATCH, or DELETE operation.

Name

Type

Description

_links

uuid

string

The UUID of the asynchronous job that is triggered by a POST, PATCH, or DELETE operation.

error_arguments

Name	Type	Description
code	string	Argument code
message	string	Message argument

Name

Type

Description

code

string

Argument code

message

string

Message argument

returned_error

Name	Type	Description
arguments	array[error_arguments]	Message arguments
code	string	Error code
message	string	Error message
target	string	The target parameter that caused the error.

Name

Type

Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.

Update the SD information

Creating your file...

Related ONTAP commands

Parameters

Request Body

Response

Response

Error

Definitions