How to interrupt or switch of inheritance from volumes to qtrees while setting DACLs | NetApp | Page 1

magic moss Mar 1, 2023, 7:17 PM

#

Hi,

I want to replace DACLs for Qtrees on the command line with creating file-directory policies, security descriptors and eventually

::> vserver security file-directory ntfs dacl add ...

However, when I create and start the task to create the DACL, the Everyone Full-Controle ACE gets inherited from the volume.

I tried to replace the DACL on the volume but than this replacement gets inherited to the qtrees and subfolders as well.

Is there a way to either disable inheritance from volume to qtrees or interrupt the inheritance while deleting it on the volume level?

I'm using Ontap 9.8P14

fallow zealot Mar 1, 2023, 7:50 PM

#

@fleet otter something you could assist with here?

fleet otter Mar 1, 2023, 7:54 PM

#

@fallow zealot @magic moss looking into it...

magic moss Mar 15, 2023, 3:08 PM

#

@fleet otter It works if you create the policy task with propagate and, when creating the DACLs, set "-apply-to this-folder" only. After applying the policy, you can than stop the respective job after the ACLs are set on the root of the volume.

#How to interrupt or switch of inheritance from volumes to qtrees while setting DACLs