#Converting more complex commands to REST for CLI

I am looking to convert the following command to a REST Private CLI endpoint/command. REST is straightforward for simple commands, however in this instance there are multiple qualifiers.
Here is the command. Mainly looking for how to represent everything after security on the LH side . file-directory ntfs sacl. When I attempted to build this out as an endpoint ...api/vserver/security/file_directory/ntfs/sacl I got an error.

*vserver security file-directory ntfs sacl add -vserver {{ vserver }} -ntfs-sd {{ sdname }} -access-type failure -account Everyone -advanced-rights read-data,execute-file,write-data,append-data,delete,delete-child,write-perm,write-owner -apply-to this-folder,sub-folders,files
*

There is a dedicated API endpoint for that. So you don't need to use the private CLI.

/protocols/file-security/permissions/{svm.uuid}/{path}/acl
https://library.netapp.com/ecmdocs/ECMLP2885799/html/#/NAS/file_directory_security_acl_create

Thank you Mamoep. I was looking for that as well. The issue we are running into is, with Security descriptors and tasks, inheritance is eliminated and the permissions are explicitly set using a task. With the new system, inherited permissions are ignores so for example, if I want to remove authenticated users which is inherited, with the new ACL approach I cannot, it is ignored. I was looking to apply SACLs and ACLs to a security descriptor so I can push that to the path.

Also sorry for the ommission we were using ansible. The original cli was to work around an issue with SACLs being added. It is a direct command to add the SACL to a security descriptor

I appreciate the help on this. It is challenging at the moment.

I actually used the windows module to break inheritance prior to pushing new ACLs and SACLs. This got me the desired effect and prevented the folders from inheriting the wrong perms. This mimics the behavior of pushing via SD task.

We had an issue where the default behavior of the new ACL modules would inherit from above, which in many cases is ideal, howver; in this instance we wanted to make sure the exact groups and SACLs were applied to these folders. Inheritance was causing an issue because we have some volumes that contain extra users/groups that we did not want to propogate, Additionally due to a bug, sometimes when changes are made to an ACL via script, it removes the SACL entries all together.