REST API reference
Create an export policy
Suggest changes
PDFs
POST /protocols/nfs/export-policies
Introduced In: 9.6
Creates an export policy. An SVM can have any number of export policies to define rules for which clients can access data exported by the SVM. A policy with no rules prohibits access.
Required properties
-
svm.uuidorsvm.name- Existing SVM in which to create an export policy. -
name- Name of the export policy.
Recommended optional properties
-
rules- Rule(s) of an export policy. Used to create the export rule and populate the export policy with export rules in a single request. -
rules[].index- If you specify an index number that already matches a rule, the index number of the existing rule is incremented, as are the index numbers of all subsequent rules, either to the end of the list or to an open space in the list. If you do not specify an index number, the new rule is placed at the end of the policy's list.
Related ONTAP commands
-
vserver export-policy create -
vserver export-policy rule create
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
id |
integer |
Export Policy ID |
name |
string |
Export Policy Name |
rules |
array[export_rules] |
Rules of the Export Policy. |
svm |
SVM, applies only to SVM-scoped objects. |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"id": 0,
"name": "string",
"rules": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"anonymous_user": "string",
"chown_mode": "string",
"clients": [
{
"match": "0.0.0.0/0"
}
],
"ntfs_unix_security": "string",
"protocols": [
"string"
],
"ro_rule": [
"string"
],
"rw_rule": [
"string"
],
"superuser": [
"string"
]
}
],
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}Response
Status: 201, Created| Name | Type | Description |
|---|---|---|
_links |
||
num_records |
integer |
The number of export policy records |
records |
array[export_policy] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"num_records": 1,
"records": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"id": 0,
"name": "string",
"rules": [
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"anonymous_user": "string",
"chown_mode": "string",
"clients": [
{
"match": "0.0.0.0/0"
}
],
"ntfs_unix_security": "string",
"protocols": [
"string"
],
"ro_rule": [
"string"
],
"rw_rule": [
"string"
],
"superuser": [
"string"
]
}
],
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
]
}Headers
| Name | Description | Type |
|---|---|---|
Location |
Useful for tracking the resource location |
string |
Error
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
1703952 |
Invalid ruleset name provided. No spaces allowed in a ruleset name |
1703954 |
Export policy does not exist |
1704036 |
Invalid clientmatch: missing domain name |
1704037 |
Invalid clientmatch: missing network name |
1704038 |
Invalid clientmatch: missing netgroup name |
1704039 |
Invalid clientmatch |
1704040 |
Invalid clientmatch: address bytes masked out by netmask are non-zero |
1704041 |
Invalid clientmatch: address bytes masked to zero by netmask |
1704042 |
Invalid clientmatch: too many bits in netmask |
1704043 |
Invalid clientmatch: invalid netmask |
1704044 |
Invalid clientmatch: invalid characters in host name |
1704045 |
Invalid clientmatch: invalid characters in domain name |
1704047 |
The export policy name cannot be longer than 256 characters |
1704049 |
Invalid clientmatch: clientmatch lists require an effective cluster version of Data ONTAP 9.0 or later. Upgrade all nodes to Data ONTAP 9.0 or above to use features that operate on lists of clientmatch strings in export-policy rules |
1704050 |
Invalid clientmatch: clientmatch list contains a duplicate string. Duplicate strings in a clientmatch list are not supported |
1704054 |
Invalid clientmatch: invalid characters in netgroup name. Valid characters for a netgroup name are 0-9, A-Z, a-z, ".", "_" and "-" |
1704055 |
Export policies are only supported for data Vservers |
1704064 |
Clientmatch host name too long |
1704065 |
Clientmatch domain name too long |
1704071 |
The export policy was not created because of duplicate export policy rules present in the request |
3277000 |
Upgrade all nodes to ONTAP 9.0.0 or above to use krb5p as a security flavor in export-policy rules |
3277083 |
User ID is not valid. Enter a value for User ID from 0 to 4294967295 |
3277149 |
The "Anon" field cannot be an empty string |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
export_clients
| Name | Type | Description |
|---|---|---|
match |
string |
Client Match Hostname, IP Address, Netgroup, or Domain. You can specify the match as a string value in any of the following formats:
|
export_rules
| Name | Type | Description |
|---|---|---|
_links |
||
allow_device_creation |
boolean |
Specifies whether or not device creation is allowed. |
allow_suid |
boolean |
Specifies whether or not SetUID bits in SETATTR Op is to be honored. |
anonymous_user |
string |
User ID To Which Anonymous Users Are Mapped. |
chown_mode |
string |
Specifies who is authorized to change the ownership mode of a file. |
clients |
array[export_clients] |
Array of client matches |
index |
integer |
Index of the rule within the export policy. |
ntfs_unix_security |
string |
NTFS export UNIX security options. |
protocols |
array[string] |
|
ro_rule |
array[string] |
Authentication flavors that the read-only access rule governs |
rw_rule |
array[string] |
Authentication flavors that the read/write access rule governs |
superuser |
array[string] |
Authentication flavors that the superuser security type governs |
svm
SVM, applies only to SVM-scoped objects.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. This field cannot be specified in a PATCH method. |
uuid |
string |
The unique identifier of the SVM. This field cannot be specified in a PATCH method. |
export_policy
| Name | Type | Description |
|---|---|---|
_links |
||
id |
integer |
Export Policy ID |
name |
string |
Export Policy Name |
rules |
array[export_rules] |
Rules of the Export Policy. |
svm |
SVM, applies only to SVM-scoped objects. |
_links
| Name | Type | Description |
|---|---|---|
next |
||
self |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |