vserver security file-directory policy task modify
Modify policy tasks
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver security file-directory policy task modify command modifies a task entry in a security policy.
Note
Modifying a policy task fails if a job is currently running for the specified policy in which a task is being modified.
You can unambiguously define which task to modify by specifying the following three parameters in the modify command:
- Vserver associated with the task
- Name of the security policy that contains the task
- Name of the path to which the task is applied
You can modify the following parameters:
- -ntfs-mode
- -ntfs-sd
- -index-num
Note
The only security type supported in this Data ONTAP release is “ntfs”; therefore, you cannot modify the -security-type parameter.
Parameters
- -vserver <vserver name> - Vserver
- Specifies the Vserver associated with the security policy that contains the task you want to modify.
- -policy-name <Security policy name> - Policy Name
- Specifies the name of the security policy that contains the task you want to modify.
- -path <text> - Path
- Specifies the path of the file/folder associated with the task that you want to modify.
- [-index-num <integer>] - Position
- Specifies the index number of a task. Tasks are applied in order. A task with a larger index value is applied after a task with a lower index number. If you do not specify this optional parameter, new tasks are applied to the end of the index list.
The range of supported values is 1 through 9999. If there is a gap between the highest existing index number and the value entered for this parameter, the task with this number is considered to be the last task in the policy and is treated as having an index number of the previous highest index plus one.
NoteIf you specify an index number that is already assigned to an existing task, the command fails when you attempt to create a duplicate entry. - [-security-type {ntfs|nfsv4}] - Security Type
- Specifies whether the security descriptor in the task that you want to modify should be an NTFS security descriptor type or an NFSv4 security descriptor type. Default value is ntfs.NoteThe nfsv4 security descriptor type is not supported in this release. If you specify this optional parameter, you must enter ntfs for the -security-type value.
- [-ntfs-mode {propagate|ignore|replace}] - NTFS Propagation Mode
- Specifies how to propagate security settings to child subfolders and files. This setting determines how child files and/or folders contained within a parent folder inherit access control and audit information from the parent folder.
You can specify one of the three parameter values that correspond to three types of propagation modes:
- propagate - propagate inheritable permissions to all subfolders and files
- replace - replace existing permissions on all subfolders and files with inheritable permissions
- ignore - do not allow permissions on this file or folder to be replaced
- [-ntfs-sd <ntfs sd name>, ...] - NTFS Security Descriptor Name
- Specifies the list of security descriptor names to apply to the path specified in the -path parameter.
Examples
The following example modifies the ntfs mode, index, and ntfs-sd parameters in the security policy task entry.
cluster1::> vserver security file-directory policy task modify -vserver vs1 -policy-name policy1
-path / -security-type ntfs -ntfs-mode propagate -ntfs-sd sd -index-num 1
cluster1::> vserver security file-directory policy task modify -vserver vs1 -policy-name policy1
-path /1 -security-type ntfs -ntfs-mode propagate -ntfs-sd sd1, sd2 -index-num 2
cluster1::> vserver security file-directory policy task show -vserver vs1 -policy-name policy1
Vserver: vs1
Policy: policy1
Index File/Folder Access Security NTFS NTFS Security
Path Control Type Mode Descriptor Name
----- -------- -------------- ------ ----- -----------------
1 / file-directory ntfs propagate sd
2 /1 file-directory ntfs propagate sd1, sd2
Give documentation feedback