Release notes
Requirement for FPolicy scope configurations if the FPolicy policy uses the native engine
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
If you configure the FPolicy policy to use the native engine, there is a specific requirement for how you define the FPolicy scope configured for the policy.
The FPolicy scope defines the boundaries on which the FPolicy policy applies, for example whether the FPolicy applies to specified volumes or shares. There are a number of parameters that further restrict the scope to which the FPolicy policy applies. One of these parameters, -is-file-extension-check-on-directories-enabled, specifies whether to check file extensions on directories. The default value is false, which means that file extensions on directories are not checked.
When an FPolicy policy that uses the native engine is enabled on a share or volume and the -is-file-extension-check-on-directories-enabled parameter is set to false for the scope of the policy, directory access is denied. With this configuration, because the file extensions are not checked for directories, any directory operation is denied if it falls under the scope of the policy.
To ensure that directory access succeeds when using the native engine, you must set the -is-file-extension-check-on-directories-enabled parameter to true when creating the scope.
With this parameter set to true, extension checks happen for directory operations and the decision whether to allow or deny access is taken based on the extensions included or excluded in the FPolicy scope configuration.
