Native Fpolicy fails to block cifs delete operations by extension
Applies to
- ONTAP 9
- Native FPolicy
Issue
- Native Fpolicy configured to block "delete" events, but cifs/smb deletes are not being blocked
- Example of commands used to block "delete" file operations:
fpolicy policy event create -vserver vserver1 -event-name DELETES -volume-operation true -protocol cifs -file-operations delete
fpolicy policy create -vserver vserver1 -policy-name POLICY_DELETES -events DELETES -engine native -is-mandatory true -allow-privileged-access no -is-passthrough-read-enabled false
vserver fpolicy policy scope create -vserver vserver1 -policy-name POLICY_DELETES -volumes-to-include VOL -file-extensions-to-include .extension
vserver fpolicy enable -vserver vserver1 -policy-name POLICY_DELETES -sequence-number <number>