Update an FPolicy configuration for an SVM
PATCH /protocols/fpolicy/{svm.uuid}/policies/{name}
Introduced In: 9.6
Updates a particular FPolicy policy configuration for a specified SVM. PATCH can be used to enable or disable the policy. When enabling a policy, you must specify the policy priority. The priority is not required when disabling the policy. An FPolicy policy cannot be modified while it is enabled.
Related ONTAP commands
- fpolicy policy modify
- fpolicy policy scope modify
- fpolicy enable
- fpolicy disable
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
name | string | path | True | |
svm.uuid | string | path | True | UUID of the SVM to which this object belongs. |
Request Body
Name | Type | Description |
---|---|---|
allow_privileged_access | boolean | Specifies whether privileged access is required for FPolicy servers. Privileged access is used when the FPolicy server requires direct access to the cluster nodes. When this parameter is set to true, FPolicy servers can access files on the cluster using a separate data channel with privileged access. |
enabled | boolean | Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled. |
engine | FPolicy external engine | |
events | array[fpolicy_event_reference] | |
mandatory | boolean | Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances. |
name | string | Specifies the name of the policy. |
passthrough_read | boolean | Specifies whether passthrough-read should be allowed for FPolicy servers registered for the policy. Passthrough-read is a way to read data for offline files without restoring the files to primary storage. Offline files are files that have been moved to secondary storage. |
persistent_store | string | Specifies the persistent storage name. This can then be used to enable persistent mode for FPolicy events. |
priority | integer | Specifies the priority that is assigned to this policy. |
privileged_user | string | Specifies the privileged user name for accessing files on the cluster using a separate data channel with privileged access. The input for this field should be in "domain\username" format. |
scope | | |
svm | | |
Example request
{
  "engine": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "string"
  },
  "events": [
    "event_cifs",
    "event_open"
  ],
  "name": "fp_policy_1",
  "persistent_store": "ps1",
  "priority": 1,
  "privileged_user": "mydomain\\testuser",
  "scope": {
    "exclude_export_policies": [
      "string"
    ],
    "exclude_extension": [
      "string"
    ],
    "exclude_shares": [
      "string"
    ],
    "exclude_volumes": [
      "vol1",
      "vol_svm1",
      "*"
    ],
    "include_export_policies": [
      "string"
    ],
    "include_extension": [
      "string"
    ],
    "include_shares": [
      "sh1",
      "share_cifs"
    ],
    "include_volumes": [
      "vol1",
      "vol_svm1"
    ]
  },
  "svm": {
    "uuid": "string"
  }
}
Response
Status: 200, Ok
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
9764875 | An FPolicy event does not exist |
9764888 | An FPolicy engine does not exist |
9765026 | The priority must be specified when enabling the FPolicy policy |
9765025 | Cannot disable an FPolicy policy when the priority is specified |
9764899 | Cannot modify an enabled FPolicy policy |
9764899 | Deletion of a cluster policy is not supported |
9764907 | An FPolicy policy is already enabled |
9764908 | An FPolicy policy is already disabled |
9765029 | An FPolicy was modified but disable/enable failed as the policy is already disabled/enabled |
9765036 | Cannot modify an FPolicy policy as passthrough-read policies are not supported without privileged user |
9765038 | Passthrough-read policies are not supported with an external engine of type "asynchronous" |
9765039 | Passthrough-read policies are not supported with native engine |
9765056 | The specified Persistent Store does not exist |
9765062 | Policy with Persistent Store does not support mandatory screening |
9765065 | A valid privileged user name must be in the form "domain-name\user-name" |
9765066 | The privileged user contains characters that are not allowed |
Name | Type | Description |
---|---|---|
error | | |
Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
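The constraints stated above (priority required to enable, no priority when disabling, no changes while enabled, passthrough-read needing a privileged user, persistent store conflicting with mandatory screening, the "domain\username" form) can be checked on the client before the PATCH is sent. The following is an added example, not NetApp code: `preflight`, the `current` dict and the sample bodies are hypothetical, the checks cover only a subset of the documented codes, and it assumes a body that disables the policy may also carry other changes.

```python
import re

# Codes and messages copied from the error table on this page.
DOCUMENTED = {
    9765026: "The priority must be specified when enabling the FPolicy policy",
    9765025: "Cannot disable an FPolicy policy when the priority is specified",
    9764899: "Cannot modify an enabled FPolicy policy",
    9765036: "Cannot modify an FPolicy policy as passthrough-read policies "
             "are not supported without privileged user",
    9765062: "Policy with Persistent Store does not support mandatory screening",
    9765065: 'A valid privileged user name must be in the form "domain-name\\user-name"',
}
STATE_FIELDS = {"enabled", "priority"}
PRIV_USER = re.compile(r"[^\\]+\\[^\\]+")  # exactly one backslash: domain\username


def preflight(current, patch):
    """Return the documented error codes this PATCH body is expected to trigger.

    current: the policy as it exists now (hypothetical dict, e.g. from a GET).
    patch:   the request body about to be sent.
    """
    codes = []
    if patch.get("enabled") is True and "priority" not in patch:
        codes.append(9765026)
    if patch.get("enabled") is False and "priority" in patch:
        codes.append(9765025)
    # Assumption: a body that disables the policy may carry other changes.
    changes = set(patch) - STATE_FIELDS
    if current.get("enabled") and changes and patch.get("enabled") is not False:
        codes.append(9764899)
    merged = {**current, **patch}  # shallow merge covers these top-level fields
    if merged.get("passthrough_read") and not merged.get("privileged_user"):
        codes.append(9765036)
    if merged.get("persistent_store") and merged.get("mandatory"):
        codes.append(9765062)
    user = patch.get("privileged_user")
    if user is not None and not PRIV_USER.fullmatch(user):
        codes.append(9765065)
    return codes


if __name__ == "__main__":
    # Constructed sample state and request bodies.
    live = {"name": "fp_policy_1", "enabled": True, "priority": 1, "mandatory": True}
    for body in ({"enabled": True}, {"persistent_store": "ps1"}, {"enabled": False},
                 {"passthrough_read": True, "privileged_user": "mydomain/testuser"}):
        for code in preflight(live, body) or [None]:
            print(body, "->", code, DOCUMENTED.get(code, "no documented conflict"))
```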
Definitions
href
Name | Type | Description |
---|---|---|
href | string | |
_links
Name | Type | Description |
---|---|---|
self | | |
fpolicy_engine_reference
FPolicy external engine
Name | Type | Description |
---|---|---|
_links | | |
name | string | The name of the FPolicy external engine. |
fpolicy_event_reference
FPolicy events
Name | Type | Description |
---|---|---|
_links | | |
name | string | |
scope
Name | Type | Description |
---|---|---|
check_extensions_on_directories | boolean | Specifies whether the file name extension checks also apply to directory objects. If this parameter is set to true, the directory objects are subjected to the same extension checks as regular files. If this parameter is set to false, the directory names are not matched for extensions and notifications are sent for directories even if their name extensions do not match. Default is false. |
exclude_export_policies | array[string] | |
exclude_extension | array[string] | |
exclude_shares | array[string] | |
exclude_volumes | array[string] | |
include_export_policies | array[string] | |
include_extension | array[string] | |
include_shares | array[string] | |
include_volumes | array[string] | |
object_monitoring_with_no_extension | boolean | Specifies whether the extension checks also apply to objects with no extension. If this parameter is set to true, all objects with or without extensions are monitored. Default is false. |
svm
Name | Type | Description |
---|---|---|
uuid | string | SVM UUID |
fpolicy_policy
Name | Type | Description |
---|---|---|
allow_privileged_access | boolean | Specifies whether privileged access is required for FPolicy servers. Privileged access is used when the FPolicy server requires direct access to the cluster nodes. When this parameter is set to true, FPolicy servers can access files on the cluster using a separate data channel with privileged access. |
enabled | boolean | Specifies if the policy is enabled on the SVM or not. If no value is mentioned for this field but priority is set, then this policy will be enabled. |
engine | FPolicy external engine | |
events | array[fpolicy_event_reference] | |
mandatory | boolean | Specifies what action to take on a file access event in a case when all primary and secondary servers are down or no response is received from the FPolicy servers within a given timeout period. When this parameter is set to true, file access events will be denied under these circumstances. |
name | string | Specifies the name of the policy. |
passthrough_read | boolean | Specifies whether passthrough-read should be allowed for FPolicy servers registered for the policy. Passthrough-read is a way to read data for offline files without restoring the files to primary storage. Offline files are files that have been moved to secondary storage. |
persistent_store | string | Specifies the persistent storage name. This can then be used to enable persistent mode for FPolicy events. |
priority | integer | Specifies the priority that is assigned to this policy. |
privileged_user | string | Specifies the privileged user name for accessing files on the cluster using a separate data channel with privileged access. The input for this field should be in "domain\username" format. |
scope | | |
svm | | |
error_arguments
Name | Type | Description |
---|---|---|
code | string | Argument code |
message | string | Message argument |
returned_error
Name | Type | Description |
---|---|---|
arguments | array[error_arguments] | Message arguments |
code | string | Error code |
message | string | Error message |
target | string | The target parameter that caused the error. |