REST API reference
Create an export policy rule
Suggest changes
PDFs
POST /protocols/nfs/export-policies/{policy.id}/rules
Introduced In: 9.6
Creates an export policy rule.
Required properties
-
policy.id- Existing export policy for which to create an export rule. -
clients.match- List of clients (hostnames, ipaddresses, netgroups, domains) to which the export rule applies. -
ro_rule- Used to specify the security type for read-only access to volumes that use the export rule. -
rw_rule- Used to specify the security type for read-write access to volumes that use the export rule.
Optional property
-
index- Used to specify the index number of the export rule that you want to create. If you specify an index number that already matches a rule, the index number of the existing rule is incremented, as are the index numbers of all subsequent rules, either to the end of the list or to an open space in the list. If you do not specify an index number, the new rule is placed at the end of the policy's list.
Default property values
If not specified in POST, the following default property values are assigned:
-
protocols- any -
anonymous_user- none -
superuser- any -
allow_device_creation- true -
ntfs_unix_security- fail -
chown_mode- restricted -
allow_suid- true
Related ONTAP commands
-
vserver export-policy rule create
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
policy.id |
integer |
path |
True |
Export Policy ID |
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
allow_device_creation |
boolean |
Specifies whether or not device creation is allowed. |
allow_suid |
boolean |
Specifies whether or not SetUID bits in SETATTR Op is to be honored. |
anonymous_user |
string |
User ID To Which Anonymous Users Are Mapped. |
chown_mode |
string |
Specifies who is authorized to change the ownership mode of a file. |
clients |
array[export_clients] |
Array of client matches |
index |
integer |
Index of the rule within the export policy. |
ntfs_unix_security |
string |
NTFS export UNIX security options. |
policy |
||
protocols |
array[string] |
|
ro_rule |
array[string] |
Authentication flavors that the read-only access rule governs |
rw_rule |
array[string] |
Authentication flavors that the read/write access rule governs |
superuser |
array[string] |
Authentication flavors that the superuser security type governs |
svm |
SVM, applies only to SVM-scoped objects. |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"anonymous_user": "string",
"chown_mode": "string",
"clients": [
{
"match": "0.0.0.0/0"
}
],
"ntfs_unix_security": "string",
"policy": {
"name": "string"
},
"protocols": [
"string"
],
"ro_rule": [
"string"
],
"rw_rule": [
"string"
],
"superuser": [
"string"
],
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}Response
Status: 201, Created| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
Number of Export Rule records |
records |
array[export_rule] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"num_records": 1,
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"anonymous_user": "string",
"chown_mode": "string",
"clients": [
{
"match": "0.0.0.0/0"
}
],
"ntfs_unix_security": "string",
"policy": {
"name": "string"
},
"protocols": [
"string"
],
"ro_rule": [
"string"
],
"rw_rule": [
"string"
],
"superuser": [
"string"
],
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
]
}Headers
| Name | Description | Type |
|---|---|---|
Location |
Useful for tracking the resource location |
string |
Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
1703954 |
Export policy does not exist |
1704036 |
Invalid clientmatch: missing domain name |
1704037 |
Invalid clientmatch: missing network name |
1704038 |
Invalid clientmatch: missing netgroup name |
1704039 |
Invalid clientmatch |
1704040 |
Invalid clientmatch: address bytes masked out by netmask are non-zero |
1704041 |
Invalid clientmatch: address bytes masked to zero by netmask |
1704042 |
Invalid clientmatch: too many bits in netmask |
1704043 |
Invalid clientmatch: invalid netmask |
1704044 |
Invalid clientmatch: invalid characters in host name |
1704045 |
Invalid clientmatch: invalid characters in domain name |
1704050 |
Invalid clientmatch: clientmatch list contains a duplicate string. Duplicate strings in a clientmatch list are not supported |
1704054 |
Invalid clientmatch: invalid characters in netgroup name. Valid characters for a netgroup name are 0-9, A-Z, a-z, ".", "_" and "-" |
1704064 |
Clientmatch host name too long |
1704065 |
Clientmatch domain name too long |
1704070 |
Export policy rule already exists. The export policy rule was not created because an export policy rule with the same values already exists. |
3277000 |
Upgrade all nodes to ONTAP 9.0.0 or above to use krb5p as a security flavor in export-policy rules |
3277083 |
User ID is not valid. Enter a value for User ID from 0 to 4294967295 |
3277162 |
The specified "index", 0, is invalid. Valid values are values from 1 to 4294967295 |
3277163 |
The system cannot automatically specify an "index" for this rule, because a rule with "index" 4294967295 exists. Either specify an unused "index", or update the existing rules so that "index" 4294967295 is not used. |
3277149 |
The "Anon" field cannot be an empty string |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
export_clients
| Name | Type | Description |
|---|---|---|
match |
string |
Client Match Hostname, IP Address, Netgroup, or Domain. You can specify the match as a string value in any of the following formats:
|
policy
| Name | Type | Description |
|---|---|---|
id |
integer |
Export policy ID |
name |
string |
Export policy name |
svm
SVM, applies only to SVM-scoped objects.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. This field cannot be specified in a PATCH method. |
uuid |
string |
The unique identifier of the SVM. This field cannot be specified in a PATCH method. |
export_rule
| Name | Type | Description |
|---|---|---|
_links |
||
allow_device_creation |
boolean |
Specifies whether or not device creation is allowed. |
allow_suid |
boolean |
Specifies whether or not SetUID bits in SETATTR Op is to be honored. |
anonymous_user |
string |
User ID To Which Anonymous Users Are Mapped. |
chown_mode |
string |
Specifies who is authorized to change the ownership mode of a file. |
clients |
array[export_clients] |
Array of client matches |
index |
integer |
Index of the rule within the export policy. |
ntfs_unix_security |
string |
NTFS export UNIX security options. |
policy |
||
protocols |
array[string] |
|
ro_rule |
array[string] |
Authentication flavors that the read-only access rule governs |
rw_rule |
array[string] |
Authentication flavors that the read/write access rule governs |
superuser |
array[string] |
Authentication flavors that the superuser security type governs |
svm |
SVM, applies only to SVM-scoped objects. |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |