redhat_cloudforms_azure_arm.../ansible-netapp-qtree-provison/README_DACL.md

## DACL cli commands to give a user full permission to the qtree folder

 - These commands are run from the cluster controller via ssh. 
 - To run these commands on the SVM remove the term -vserver netappsim-svm1.

#### create a policy

    vserver security file-directory policy create -vserver netappsim-svm1 -policy-name myqtree

#### create and add rules to a security descriptor

    vserver security file-directory ntfs dacl add -vserver netappsim-svm1 -ntfs-sd myqtree -access-type allow -account NETAPPSIM\administrator -rights full-control -apply-to this-folder,sub-folders,files

#### create a task that adds security descriptor to the policy at a given path

    vserver security file-directory policy task add -vserver netappsim-svm1 -policy-name myqtree -path /k_t3fp_b_cifs_r15/myqtree -ntfs-sd myqtree -ntfs-mode propagate -security-type ntfs

#### apply the policy

    vserver security file-directory apply -vserver netappsim-svm1 -policy-name myqtree

#### delete the policy

    vserver security file-directory policy delete myqtree

 - It is safe to delete the policy, this will not effect the ACL's you
   have just applied to the qtree.

#### delete security descriptor rules

    vserver security file-directory ntfs dacl remove -ntfs-sd myqtree -access-type *

 - There is no need to clear the security descriptor rule when deleting
   the security descriptor.

#### delete security descriptor

    vserver security file-directory ntfs delete -ntfs-sd myqtree

 - It is safe to delete the security descriptor, this will not effect
   the ACL's you have just applied to the qtree.

#### check for effective permissions and leftover policy / security descriptor

    vserver security file-directory show -vserver netappsim-svm1 -path /k_t3fp_b_cifs_r15/myqtree
    vserver security file-directory ntfs show
    vserver security file-directory policy show
initial commit 2022-10-26 18:05:05 +00:00			`## DACL cli commands to give a user full permission to the qtree folder`

			`- These commands are run from the cluster controller via ssh.`
			`- To run these commands on the SVM remove the term -vserver netappsim-svm1.`

			`#### create a policy`

			`vserver security file-directory policy create -vserver netappsim-svm1 -policy-name myqtree`

			`#### create and add rules to a security descriptor`

			`vserver security file-directory ntfs dacl add -vserver netappsim-svm1 -ntfs-sd myqtree -access-type allow -account NETAPPSIM\administrator -rights full-control -apply-to this-folder,sub-folders,files`

			`#### create a task that adds security descriptor to the policy at a given path`

			`vserver security file-directory policy task add -vserver netappsim-svm1 -policy-name myqtree -path /k_t3fp_b_cifs_r15/myqtree -ntfs-sd myqtree -ntfs-mode propagate -security-type ntfs`

			`#### apply the policy`

			`vserver security file-directory apply -vserver netappsim-svm1 -policy-name myqtree`

			`#### delete the policy`

			`vserver security file-directory policy delete myqtree`

			`- It is safe to delete the policy, this will not effect the ACL's you`
			`have just applied to the qtree.`

			`#### delete security descriptor rules`

			`vserver security file-directory ntfs dacl remove -ntfs-sd myqtree -access-type *`

			`- There is no need to clear the security descriptor rule when deleting`
			`the security descriptor.`

			`#### delete security descriptor`

			`vserver security file-directory ntfs delete -ntfs-sd myqtree`

			`- It is safe to delete the security descriptor, this will not effect`
			`the ACL's you have just applied to the qtree.`

			`#### check for effective permissions and leftover policy / security descriptor`

			`vserver security file-directory show -vserver netappsim-svm1 -path /k_t3fp_b_cifs_r15/myqtree`
			`vserver security file-directory ntfs show`
			`vserver security file-directory policy show`