vserver fpolicy policy scope create

Description​

The vserver fpolicy policy scope create command creates an FPolicy scope for an FPolicy policy. A scope defines the boundaries on which the FPolicy policy will apply. The Vserver is the basic scope boundary. When you create a scope for an FPolicy policy, you must define the FPolicy policy to which it will apply and you must designate to which Vserver you want to apply the scope. There are a number of parameters that further restrict the scope within the specified Vserver. You can restrict the scope by specifying what to include in the scope. Or you can restrict the scope by specifying what to exclude from the scope. For example, you can restrict the scope by specifying which volumes to include using the -volumes-to-include parameter or which volumes to exclude using the -volumes-to-exclude parameter. Once you apply a scope to an enabled policy, policy event checks get applied to the scope defined by this command.

Parameters​

-vserver <Vserver Name> - Vserver

This parameter specifies the name of the Vserver on which you want to create an FPolicy policy scope.

-policy-name <Policy name> - Policy

This parameter specifies the name of the FPolicy policy for which you want to create the scope.

[-shares-to-include <Share name>, ...] - Shares to Include

This parameter specifies a list of shares for file access monitoring. With this option, the administrator provides a list of shares, separated by commas. For file access events relative to the specified shares and file operations monitored by the FPolicy policy, a notification is generated. The -shares-to-include parameter can contain regular expressions and can include metacharacters such as "?" and "*".

Note

When a share is included in the -shares-to-include parameter and the parent volume of the share is included in the -volumes-to-exclude parameter, -volumes-to-exclude has precedence over -shares-to-include.

[-shares-to-exclude <Share name>, ...] - Shares to Exclude

This parameter specifies a list of shares to exclude from file access monitoring. With this option, the administrator provides a list of shares, separated by commas. When a share is specified in the -shares-to-exclude parameter, no notification is sent for files accessed relative to that share. The -shares-to-exclude parameter can contain regular expressions and can include metacharacters such as "?" and "*".

[-volumes-to-include <volume name>, ...] - Volumes to Include

This parameter specifies a list of volumes for file access monitoring. With this option, the administrator provides a list of volumes, separated by commas. For file access events within the volume and file operations monitored by the FPolicy policy, a notification is generated. The -volumes-to-include parameter can contain regular expressions and can include metacharacters such as "?" and "*".

[-volumes-to-exclude <volume name>, ...] - Volumes to Exclude

This parameter specifies a list of volumes to exclude from file access monitoring. With this option, the administrator provides a list of volumes, separated by commas, for which no file access notifications are generated. The -volumes-to-exclude parameter can contain regular expressions and can include metacharacters such as "?" and "*".

Note

When a share is included in the -shares-to-include parameter and the parent volume of the share is included in the -volumes-to-exclude parameter, -volumes-to-exclude has precedence over -shares-to-include. Similarly, when an export policy is included in the -export-policies-to-include parameter and the parent volume of the export-policy is included in the -volumes-to-exclude parameter, -volumes-to-exclude has precedence over -export-policies-to-include.

[-export-policies-to-include <FPolicy export policy>, ...] - Export Policies to Include

This parameter specifies a list of export policies for file access monitoring. With this option, the administrator provides a list of export policies, separated by commas. For file access events within an export policy and file operations monitored by the FPolicy policy, a notification is generated. The -export-policies-to-include parameter can contain regular expressions and can include metacharacters such as "?" and "*".

Note

When an export policy is included in the -export-policies-to-include parameter and the parent volume of the export policy is included in the -volumes-to-exclude parameter, -volumes-to-exclude has precedence over -export-policies-to-include.

[-export-policies-to-exclude <FPolicy export policy>, ...] - Export Policies to Exclude

This parameter specifies a list of export policies to exclude from file access monitoring. With this option, the administrator provides a list of export policies, separated by commas, for which no file access notification is sent. The -export-policies-exclude parameter can contain regular expressions and can include metacharacters such as "?" and *.

[-file-extensions-to-include <File extension>, ...] - File Extensions to Include

This parameter specifies a list of file extensions, separated by commas, for a given FPolicy policy for which FPolicy processing is required. Any file access to files with the same extensions included in the -file-extensions-to-include parameter generates a notification. The -file-extensions-to-include parameter can contain regular expressions and can include metacharacters such as "?".

[-file-extensions-to-exclude <File extension>, ...] - File Extensions to Exclude

This parameter specifies a list of file extensions, separated by commas, for a given FPolicy policy for which FPolicy processing will be excluded. Using the exclude list, the administrator can request notification for all extensions except those in the excluded list. Any file access to files with the same extensions included in the -file-extensions-to-exclude parameter does not generate a notification. The -file-extensions-to-exclude parameter can contain regular expressions and can include metacharacters such as "?".

Note

An administrator can specify both -file-extensions-to-include and -file-extensions-to-exclude lists. The -file-extensions-to-exclude parameter is checked first before the -file-extensions-to-include parameter is checked.

[-is-file-extension-check-on-directories-enabled {true|false}] - Is File Extension Check on Directories Enabled (privilege: advanced)

This parameter specifies whether the file name extension checks apply to directory objects as well. If this parameter is set to true, the directory objects are subjected to same extension checks as regular files. If this parameter is set to false, the directory names are not matched for extensions and notifications would be sent for directories even if their name extensions do not match. By default, it is false.

[-is-monitoring-of-objects-with-no-extension-enabled {true|false}] - Is Monitoring of Objects with No Extension Enabled (privilege: advanced)

This parameter specifies whether the extension checks apply to objects with no extension as well. If this parameter is set to true, the objects with no extension are also monitored along with the objects with extension. By default, it is false.

Note

This parameter is ignored when file-extensions-to-include and file-extensions-to-exclude lists are empty.