ONTAP commands for managing NTFS and SMB security policies and access control entries

06/03/2026 Contributors

Use ONTAP commands to create, modify, delete, and display information about NTFS security descriptors and access control entries (ACEs) in DACLs and SACLs. You can also use ONTAP commands to manage SMB security policies, policy tasks, and policy jobs.

ONTAP commands for managing NTFS security descriptors on SMB servers

There are specific ONTAP commands for managing security descriptors. You can create, modify, delete, and display information about security descriptors.

If you want to… Use this command…

If you want to…	Use this command…
Create NTFS security descriptors	`vserver security file-directory ntfs create`
Modify existing NTFS security descriptors	`vserver security file-directory ntfs modify`
Display information about existing NTFS security descriptors	`vserver security file-directory ntfs show`
Delete NTFS security descriptors	`vserver security file-directory ntfs delete`

Create NTFS security descriptors

vserver security file-directory ntfs create

Modify existing NTFS security descriptors

vserver security file-directory ntfs modify

Display information about existing NTFS security descriptors

vserver security file-directory ntfs show

Delete NTFS security descriptors

vserver security file-directory ntfs delete

Learn more about vserver security file-directory ntfs in the ONTAP command reference.

ONTAP commands for managing NTFS DACL access control entries on SMB servers

There are specific ONTAP commands for managing DACL access control entries (ACEs). You can add ACEs to NTFS DACLs at any time. You can also manage existing NTFS DACLs by modifying, deleting, and displaying information about ACEs in DACLs.

If you want to… Use this command…

If you want to…	Use this command…
Create ACEs and add them to NTFS DACLs	`vserver security file-directory ntfs dacl add`
Modify existing ACEs in NTFS DACLs	`vserver security file-directory ntfs dacl modify`
Display information about existing ACEs in NTFS DACLs	`vserver security file-directory ntfs dacl show`
Remove existing ACEs from NTFS DACLs	`vserver security file-directory ntfs dacl remove`

Create ACEs and add them to NTFS DACLs

vserver security file-directory ntfs dacl add

Modify existing ACEs in NTFS DACLs

vserver security file-directory ntfs dacl modify

Display information about existing ACEs in NTFS DACLs

vserver security file-directory ntfs dacl show

Remove existing ACEs from NTFS DACLs

vserver security file-directory ntfs dacl remove

Learn more about vserver security file-directory ntfs dacl in the ONTAP command reference.

ONTAP commands for managing NTFS SACL access control entries on SMB servers

There are specific ONTAP commands for managing SACL access control entries (ACEs). You can add ACEs to NTFS SACLs at any time. You can also manage existing NTFS SACLs by modifying, deleting, and displaying information about ACEs in SACLs.

If you want to… Use this command…

If you want to…	Use this command…
Create ACEs and add them to NTFS SACLs	`vserver security file-directory ntfs sacl add`
Modify existing ACEs in NTFS SACLs	`vserver security file-directory ntfs sacl modify`
Display information about existing ACEs in NTFS SACLs	`vserver security file-directory ntfs sacl show`
Remove existing ACEs from NTFS SACLs	`vserver security file-directory ntfs sacl remove`

Create ACEs and add them to NTFS SACLs

vserver security file-directory ntfs sacl add

Modify existing ACEs in NTFS SACLs

vserver security file-directory ntfs sacl modify

Display information about existing ACEs in NTFS SACLs

vserver security file-directory ntfs sacl show

Remove existing ACEs from NTFS SACLs

vserver security file-directory ntfs sacl remove

Learn more about vserver security file-directory ntfs sacl in the ONTAP command reference.

ONTAP commands for managing SMB security policies

There are specific ONTAP commands for managing security policies. You can display information about policies and you can delete policies. You cannot modify a security policy.

If you want to… Use this command…

If you want to…	Use this command…
Create security policies	`vserver security file-directory policy create`
Display information about security policies	`vserver security file-directory policy show`
Delete security policies	`vserver security file-directory policy delete`

Create security policies

vserver security file-directory policy create

Display information about security policies

vserver security file-directory policy show

Delete security policies

vserver security file-directory policy delete

Learn more about vserver security file-directory policy in the ONTAP command reference.

ONTAP commands for managing SMB security policy tasks

There are ONTAP commands for adding, modifying, removing, and displaying information about security policy tasks.

If you want to… Use this command…

If you want to…	Use this command…
Add security policy tasks	`vserver security file-directory policy task add`
Modify security policy tasks	`vserver security file-directory policy task modify`
Display information about security policy tasks	`vserver security file-directory policy task show`
Remove security policy tasks	`vserver security file-directory policy task remove`

Add security policy tasks

vserver security file-directory policy task add

Modify security policy tasks

vserver security file-directory policy task modify

Display information about security policy tasks

vserver security file-directory policy task show

Remove security policy tasks

vserver security file-directory policy task remove

Learn more about vserver security file-directory policy task in the ONTAP command reference.

ONTAP commands for managing SMB security policy jobs

There are ONTAP commands for pausing, resuming, stopping, and displaying information about security policy jobs.

If you want to… Use this command…

If you want to…	Use this command…
Pause security policy jobs	`vserver security file-directory job pause ‑vserver vserver_name -id integer`
Resume security policy jobs	`vserver security file-directory job resume ‑vserver vserver_name -id integer`
Display information about security policy jobs	`vserver security file-directory job show ‑vserver vserver_name` You can determine the job ID of a job using this command.
Stop security policy jobs	`vserver security file-directory job stop ‑vserver vserver_name -id integer`

Pause security policy jobs

vserver security file-directory job pause ‑vserver vserver_name -id integer

Resume security policy jobs

vserver security file-directory job resume ‑vserver vserver_name -id integer

Display information about security policy jobs

vserver security file-directory job show ‑vserver vserver_name You can determine the job ID of a job using this command.

Stop security policy jobs

vserver security file-directory job stop ‑vserver vserver_name -id integer

Learn more about vserver security file-directory job in the ONTAP command reference.

ONTAP commands for managing NTFS and SMB security policies and access control entries

Creating your file...

ONTAP commands for managing NTFS security descriptors on SMB servers

ONTAP commands for managing NTFS DACL access control entries on SMB servers

ONTAP commands for managing NTFS SACL access control entries on SMB servers

ONTAP commands for managing SMB security policies

ONTAP commands for managing SMB security policy tasks

ONTAP commands for managing SMB security policy jobs