#Error in Module na_ontap_file_security_permissions_acl

Even after successfully add a domain user with full_control permissions to the NTFS Security on a qtree the task fail with the error:

"msg": "Error - create still required after create (with modify: None)"

Collection: 22.3.0
ONTAP: 9.11
Playbook:

  state: present
  access: access_allow
  acl_user: "DOMAIN\\user1"
  apply_to:
    files: true
    sub_folders: true
    this_folder: true
  path: "/{{ volume_name }}/{{ qtree_name }}"
  advanced_rights:
    full_control: true
  vserver: "{{ vserver_name }}"```

Any idea?

We are looking in to it.

I believe this is coming from the validate_changes options which by default is set to error out

https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_file_security_permissions_acl_module.html#parameter-validate_changes

So the issue can come form a few different places. One is that there is a different ACL set up that contradicting the one you've set up. For example if there is an ACl at the top level that grant everyone access to everything. Any ACL you do to restrict access won't take effect. If you are aware and ok with that you can set Validate_changes to warn which will print the same message as a warning and not an error and not fail the module.

From a windows admin perspective on a windows server. From a top level folder (volume) we have everyone with full_control with inherith to qtree. Now I add a domain user with full_control.l on the qtree level. After that we have everyone and the domain user together with the same rights. The end goal is of course to remove the user everyone afterwards. This procedure is to prevent that the user loses the acces to his data. Even it is in the sub milli sec.
On a windows server it works without any errors or warnings.

OK. Got it. But if I run the playbook a second time, the play end with the error:

{'message': 'duplicate entry', 'code': '1', 'target': 'user'}."}

The module should handle this, that a rerun does not end in an error.