## DACL cli commands to give a user full permission to the qtree folder

 - These commands are run from the cluster controller via ssh. 
 - To run these commands on the SVM remove the term -vserver netappsim-svm1.

#### create a policy

    vserver security file-directory policy create -vserver netappsim-svm1 -policy-name myqtree

#### create and add rules to a security descriptor

    vserver security file-directory ntfs dacl add -vserver netappsim-svm1 -ntfs-sd myqtree -access-type allow -account NETAPPSIM\administrator -rights full-control -apply-to this-folder,sub-folders,files

#### create a task that adds security descriptor to the policy at a given path

    vserver security file-directory policy task add -vserver netappsim-svm1 -policy-name myqtree -path /k_t3fp_b_cifs_r15/myqtree -ntfs-sd myqtree -ntfs-mode propagate -security-type ntfs

#### apply the policy

    vserver security file-directory apply -vserver netappsim-svm1 -policy-name myqtree

#### delete the policy

    vserver security file-directory policy delete myqtree

 - It is safe to delete the policy, this will not effect the ACL's you
   have just applied to the qtree.

#### delete security descriptor rules

    vserver security file-directory ntfs dacl remove -ntfs-sd myqtree -access-type *

 - There is no need to clear the security descriptor rule when deleting
   the security descriptor.

#### delete security descriptor

    vserver security file-directory ntfs delete -ntfs-sd myqtree

 - It is safe to delete the security descriptor, this will not effect
   the ACL's you have just applied to the qtree.

#### check for effective permissions and leftover policy / security descriptor

    vserver security file-directory show -vserver netappsim-svm1 -path /k_t3fp_b_cifs_r15/myqtree
    vserver security file-directory ntfs show
    vserver security file-directory policy show