Skip to main content

Display information about Dynamic Access Control security

Contributors netapp-thomi netapp-ahibbard netapp-aherbin
PDFs

You can display information about Dynamic Access Control (DAC) security on NTFS volumes and on data with NTFS effective security on mixed security-style volumes. This includes information about conditional ACEs, resource ACEs, and central access policy ACEs. You can use the results to validate your security configuration or to troubleshoot file access issues.

About this task

You must supply the name of the storage virtual machine (SVM) and the path to the data whose file or folder security information you want to display. You can display the output in summary form or as a detailed list.

Step

  1. Display file and directory security settings with the desired level of detail:

    If you want to display information…​ Enter the following command…​

    In summary form

    vserver security file-directory show -vserver vserver_name -path path

    With expanded detail

    vserver security file-directory show -vserver vserver_name -path path -expand-mask true

    Where output is displayed with group and user SIDs

    vserver security file-directory show -vserver vserver_name -path path -lookup-names false

    About file and directory security for files and directories where the hexadecimal bit mask is translated to textual format

    vserver security file-directory show -vserver vserver_name -path path -textual-mask true
Examples

The following example displays Dynamic Access Control security information about the path /vol1 in SVM vs1:

cluster1::> vserver security file-directory show -vserver vs1 -path /vol1
                           Vserver: vs1
                         File Path: /vol1
                 File Inode Number: 112
                    Security Style: mixed
                   Effective Style: ntfs
                    DOS Attributes: 10
            DOS Attributes in Text: ----D---
            Expanded Dos Attribute: -
                      Unix User Id: 0
                     Unix Group Id: 1
                    Unix Mode Bits: 777
            Unix Mode Bits in Text: rwxrwxrwx
                              ACLs: NTFS Security Descriptor
                                    Control:0xbf14
                                    Owner:CIFS1\Administrator
                                    Group:CIFS1\Domain Admins
                                    SACL - ACEs
                                       ALL-Everyone-0xf01ff-OI|CI|SA|FA
                                       RESOURCE ATTRIBUTE-Everyone-0x0
                                         ("Department_MS",TS,0x10020,"Finance")
                                       POLICY ID-All resources - No Write-0x0-OI|CI
                                    DACL - ACEs
                                       ALLOW-CIFS1\Administrator-0x1f01ff-OI|CI
                                       ALLOW-Everyone-0x1f01ff-OI|CI
                                       ALLOW CALLBACK-DAC\user1-0x1200a9-OI|CI
                                         ((@User.department==@Resource.Department_MS&&@Resource.Impact_MS>1000)&&@Device.department==@Resource.Department_MS)
Related information

Displaying information about GPO configurations

Displaying information about central access policies

Displaying information about central access policy rules