Skip to main content
NetApp Knowledgebase

Using file-directory commands to apply an auditing SACL to a CIFS server

Applies to

  • ONTAP 9 
  • NAS Protocol 
  • Administration 
  • CIFS


The steps to create and apply NTFS ACLs are the following:
Create a NTFS security descriptor.
Add SACLs to the NTFS security descriptor.
    Note: If you want to audit file and directory events, you must configure auditing on the Vserver in addition to adding SACLs to the Security Descriptor.
Create a file/directory security policy.
    (This step associates the policy with a Vserver.)
Create policy tasks.
    (A policy task refers to a single operation to apply to a file (or folder) or to a set of files (or folders). Amongst other things, the task defines which security descriptor to apply to a path.)
    Note: Adding a policy task fails if a job is currently running for the specified policy to which a task is being added.
Apply a policy to the associated Vserver.

Below, how to perform these tasks are described. The command examples show how to apply an Auditing SACL to audit all possible actions performed by any user that accesses any object on the CIFS Server. The description can be used to adjust the commands examples so that they are suitable for your environment