1.8 KiB
Executable File
1.8 KiB
Executable File
DACL cli commands to give a user full permission to the qtree folder
- These commands are run from the cluster controller via ssh.
- To run these commands on the SVM remove the term -vserver netappsim-svm1.
create a policy
vserver security file-directory policy create -vserver netappsim-svm1 -policy-name myqtree
create and add rules to a security descriptor
vserver security file-directory ntfs dacl add -vserver netappsim-svm1 -ntfs-sd myqtree -access-type allow -account NETAPPSIM\administrator -rights full-control -apply-to this-folder,sub-folders,files
create a task that adds security descriptor to the policy at a given path
vserver security file-directory policy task add -vserver netappsim-svm1 -policy-name myqtree -path /k_t3fp_b_cifs_r15/myqtree -ntfs-sd myqtree -ntfs-mode propagate -security-type ntfs
apply the policy
vserver security file-directory apply -vserver netappsim-svm1 -policy-name myqtree
delete the policy
vserver security file-directory policy delete myqtree
- It is safe to delete the policy, this will not effect the ACL's you have just applied to the qtree.
delete security descriptor rules
vserver security file-directory ntfs dacl remove -ntfs-sd myqtree -access-type *
- There is no need to clear the security descriptor rule when deleting the security descriptor.
delete security descriptor
vserver security file-directory ntfs delete -ntfs-sd myqtree
- It is safe to delete the security descriptor, this will not effect the ACL's you have just applied to the qtree.
check for effective permissions and leftover policy / security descriptor
vserver security file-directory show -vserver netappsim-svm1 -path /k_t3fp_b_cifs_r15/myqtree
vserver security file-directory ntfs show
vserver security file-directory policy show