#REST API "Apply an SD to a path" Missing Option for ntfs-sd

1 messages · Page 1 of 1 (latest)

earnest oar Sep 24, 2025, 9:42 AM

Hi All,
Following on from this conversation (https://discord.com/channels/855068651522490400/1417503639131394188) in the ansible community, I'm trying to find a way to create NTFS Security Descriptors within Ansible and subsequently REST APIs.
Here is an example of the ONTAP CLI command I need to run:

cluster1::> vserver security file-directory ntfs dacl add -vserver svm1_cluster1 -ntfs-sd secsd-test -access-type allow -account DEMO\Administrator -rights full-control -apply-to this-folder,sub-folders,files

cluster1::> vserver security file-directory ntfs dacl add -vserver svm1_cluster1 -ntfs-sd secsd-test -access-type allow -account DEMO\paul -rights full-control -apply-to this-folder,sub-folders,files

cluster1::> vserver security file-directory ntfs dacl show                                                                                        
Vserver: svm1_cluster1
  NTFS Security Descriptor Name: secsd-test

    Account Name     Access   Access             Apply To
                     Type     Rights
    --------------   -------  -------            -----------
    DEMO\Administrator   allow  full-control     this-folder, sub-folders, files
    DEMO\paul        allow    full-control       this-folder, sub-folders, files
2 entries were displayed.

(split into two posts due to limit)

The following REST API documentation does say that vserver security file-directory ntfs dacl add is a Related ONTAP command: https://docs.netapp.com/us-en/ontap-restapi/post-protocols-file-security-permissions-.html#related-ontap-commands

The trouble is, I can't see any parameters within the Request Body or Definitions that allows me to specify the -ntfs-sd name as shown in the CLI command above. I must be missing something obvious or misunderstanding descriptions though, so could someone help point me in the right direction please? Is there perhaps another API call that does this?

To confirm that -ntfs-sd option is required, as you can see below I'm unable to run the command without it, so I'd be surprised if the option is missing from the API, e.g.

cluster1::> vserver security file-directory ntfs dacl add -vserver svm1_cluster1 -account DEMO\Administrator -access-type allow -rights full-control -apply-to this-folder

Error: command failed: "ntfs-sd" is a required field

Thanks in advance.

still bridge Sep 24, 2025, 4:48 PM

https://docs.netapp.com/us-en/ontap-restmap/file-directory-security.html#file-directory-security-ntfs-dacl-add
'No REST Equivalent'