Skip to main content

Delete a SACL or DACL ACL

Contributors

DELETE /protocols/file-security/permissions/{svm.uuid}/{path}/acl/{user}

Introduced In: 9.9

Deletes the SACL/DACL ACL You must keep the following points in mind while using these endpoints:

  • SLAG applies to all files and/or directories in a volume hence, inheritance is not required to be propagated.

  • Set access_control field to slag while deleting SLAG ACE.

  • Set access_control field to file_directory while deleting file-directory ACE. By Default access_control field is set to file_directory.

  • For SLAG, valid apply_to combinations are "this-folder, sub-folders", "files", "this-folder, sub-folders, files".

Required properties

  • access - Specifies whether the ACE is for DACL or SACL.

  • user - Name of the user to which the ACE applies.

  • vserver security file-directory ntfs dacl remove

  • vserver security file-directory ntfs sacl remove

Parameters

Name Type In Required Description

path

string

path

True

path

user

string

path

True

User Name

return_records

boolean

query

False

The default is false. If set to true, the records are returned.

  • Default value:

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.

  • Default value: 1

  • Max value: 120

  • Min value: 0

svm.uuid

string

path

True

UUID of the SVM to which this object belongs.

Request Body

Name Type Description

access

string

Specifies whether the ACL is for DACL or SACL. It is a required field. The available values are:

  • access_allow - DACL for allow access

  • access_deny - DACL for deny access

  • audit_success - SACL for success access

  • audit_failure - SACL for failure access

access_control

string

An Access Control Level specifies the access control of the task to be applied. Valid values are "file-directory" or "Storage-Level Access Guard (SLAG)". SLAG is used to apply the specified security descriptors with the task for the volume or qtree. Otherwise, the security descriptors are applied on files and directories at the specified path. The value SLAG is not supported on FlexGroups volumes. The default value is "file-directory" ('-' and '_' are interchangeable).

apply_to

apply_to

Specifies where to apply the DACL or SACL entries. You can specify more than one value by using a comma-delimited list.

ignore_paths

array[string]

Specifies that permissions on this file or directory cannot be replaced.

propagation_mode

string

Specifies how to propagate sec