Manage authorization-policy-change event
When the authorization-policy-change event is configured for a storage virtual machine (SVM) and auditing is enabled, audit events are generated.
Authorization-policy-change events with the event IDs 4704 and 4705 are generated whenever authorization rights are granted or revoked for an SMB user and SMB group. These events are generated when the authorization rights are assigned or revoked using the vserver cifs users-and-groups privilege related commands.
The following example displays an authorization policy event with the ID 4704, generated when the authorization rights for an SMB user group are assigned:
netapp-clus1::*> vserver cifs users-and-groups privilege add-privilege -user-or-group-name testcifslocalgroup -privileges *

- System
  - Provider
    [ Name] NetApp-Security-Auditing
    [ Guid] {3CB2A168-FE19-4A4E-BDAD-DCF422F13473}
    EventID 4704
    EventName User Right Assigned
    ...
    ...
    TargetUserOrGroupName testcifslocalgroup
    TargetUserOrGroupDomainName NETAPP-CLUS1
    TargetUserOrGroupSid S-1-5-21-2447422786-1297661003-4197201688-1004;
    PrivilegeList SeTcbPrivilege;SeBackupPrivilege;SeRestorePrivilege;SeTakeOwnershipPrivilege;SeSecurityPrivilege;SeChangeNotifyPrivilege;
    TargetType CIFS
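A detection-side sketch for these events, added here as an example and not part of the NetApp documentation: it parses one event in the field/value text layout shown above and reports which granted or revoked privileges are high-impact. The function names, the `SENSITIVE` set and the assumption that events are reviewed in this rendered text form are illustrative choices.

```python
import re

# Assumption: privileges treated as high-impact for alerting; tune to local policy.
SENSITIVE = {"SeTcbPrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
             "SeTakeOwnershipPrivilege", "SeSecurityPrivilege"}
ACTIONS = {"4704": "assigned", "4705": "revoked"}
# Matches "[ Name] value" and "FieldName value"; skips "- System" and "..." lines.
FIELD = re.compile(r"^\s*(?:\[\s*(\w+)\]|(\w+))\s+(.*\S)\s*$")

def parse_event(text):
    """Parse one rendered event (field/value lines) into a dict."""
    event = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            event[m.group(1) or m.group(2)] = m.group(3).rstrip(";")
    return event

def review(text):
    """Return a finding for a 4704/4705 event, or None for anything else."""
    ev = parse_event(text)
    action = ACTIONS.get(ev.get("EventID"))
    if action is None:
        return None
    privs = [p for p in ev.get("PrivilegeList", "").split(";") if p]
    domain = ev.get("TargetUserOrGroupDomainName", "?")
    return {"action": action,
            "target": domain + "\\" + ev.get("TargetUserOrGroupName", "?"),
            "sid": ev.get("TargetUserOrGroupSid"),
            "privileges": privs,
            "sensitive": sorted(SENSITIVE.intersection(privs))}

# The 4704 event from the example above (elided fields omitted).
SAMPLE_4704 = """\
- System
  - Provider
    [ Name] NetApp-Security-Auditing
    EventID 4704
    EventName User Right Assigned
    TargetUserOrGroupName testcifslocalgroup
    TargetUserOrGroupDomainName NETAPP-CLUS1
    TargetUserOrGroupSid S-1-5-21-2447422786-1297661003-4197201688-1004;
    PrivilegeList SeTcbPrivilege;SeBackupPrivilege;SeRestorePrivilege;SeTakeOwnershipPrivilege;SeSecurityPrivilege;SeChangeNotifyPrivilege;
    TargetType CIFS
"""

if __name__ == "__main__":
    finding = review(SAMPLE_4704)
    if finding and finding["sensitive"]:
        print("ALERT", finding["action"], finding["target"], finding["sensitive"])
```

A `-privileges *` grant like the one above surfaces every sensitive privilege in a single event, which makes it a useful alerting case.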