I am still learning some of the more detailed parts about NTFS permissions.
I wanted to know what is the difference between these two modules, when would I choose one over the other?
na_ontap_file_security_permissions module
na_ontap_file_security_permissions_acl module
Is there a way to assign ntfs permissions to a security descriptor? This is the way the old modules worked.
One issue I have noticed is when I try to remove unwanted groups from a volume/path. Typically Authenticated Users is attached to the volume. I run the code below similarly in both modules, ansible comes back with OK but the group remains attached to the volume. When we used SDs this was not an issue. It's a loop but each group is reported ok.

- name: Remove {{ instance|lower }} OnBase Default Access

netapp.ontap.na_ontap_file_security_permissions_acl:

state: absent

vserver: "{{ vserver }}"

access: access_allow

acl_user: "{{ item }}"

apply_to:

files: true

sub_folders: true

this_folder: true

hostname: "{{ cluster }}"

username: "{{ username }}"

password: "{{ password }}"

path: /{{ volume }}

validate_certs: false

validate_changes: ignore

with_items:

- [ 'Everyone', 'Authenticated Users', 'Creator Owner', 'NT Authority\SYSTEM', 'BUILTIN\Administrators', 'BUILTIN\Users' ]

na_ontap_file_security_permissions maps to the POST/PATCH/DELETE for the rest endpoint https://library.netapp.com/ecmdocs/ECMLP2885799/html/#/NAS/file_directory_security_modify or the command vserver security file-directory ntfs modify

na_ontap_file_security_permissions_acl maps to the POST/PATCH/DELETE for the rest endpoint
https://library.netapp.com/ecmdocs/ECMLP2885799/html/#/NAS/file_directory_security_acl_modify or the command `vserver security file-directory ntfs <dacl/sacl> modify