vserver security file-directory policy create
Create a file security policy
Description
The vserver security file-directory policy create command creates a security policy for a Vserver. A policy acts as a container for various tasks where each task is a single entry that can be applied to a file/folder.
Creating a security policy is the third step in configuring and applying security ACLs to a file or folder. You will later add tasks to the security policy.
The steps to creating and applying NTFS ACLs are the following:
- Create an NTFS security descriptor.
- Add DACLS and SACLS to the NTFS security descriptor.NoteIf you want to audit file and directory events, you must configure auditing on the Vserver in addition to adding SACLs to the security descriptor.
- Create a file/directory security policy.
This step associates the policy with a Vserver.
- Create policy tasks.
A policy task refers to a single operation to apply to a file (or folder) or to a set of files (or folders). Amongst other things, the task defines which security descriptor to apply to a path.
- Apply a policy to the associated Vserver.
Parameters
- -vserver <vserver name> - Vserver
- Specifies the name of the Vserver on which to create the security policy.
- -policy-name <Security policy name> - Policy Name
- Specifies the name of the security policy.
Examples
The following example creates a security policy named “policy1” on Vserver vs1.
cluster1::> vserver security file-directory policy create -policy-name policy1 -vserver vs1
cluster1::> vserver security file-directory policy show
Vserver Policy Name
------------ --------------
vs1 policy1