
Add and Modify CIFS User Directory Permissions Error

Add and modify CIFS user-specific directories.
Problem: the information of the previously processed user is being added during the next user's processing.

 

function ConnectSecurityNaDirectoryII{
param(
[String]$UserName,
[String]$DomainUserName,
[String]$FullVolumeUser,
[String]$NaUser,
[String]$NaPassWord,
[String]$IPAddress,
[String]$VServer,
[String]$ModulePath
)
$username = "$NaUser"
$password = "$NaPassWord"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr

import-module $ModulePath

Connect-NcController $IPAddress -cred $cred -vserver $VServer

$User = $UserName
$Account = $DomainUserName
$Path = $FullVolumeUser.Substring(4,$FullVolumeUser.Length-4)

New-NcFileDirectorySecurityNtfs -SecurityDescriptor $User -VserverContext vs01
Get-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor $User -VserverContext vs01 | Remove-NcFileDirectorySecurityNtfsDacl
Add-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor $User -Account $Account -AccessType Allow -Rights Full_Control -VserverContext vs01
Add-NcFileDirectorySecurityPolicyTask -Name $User -path $Path -SecurityType ntfs -VserverContext vs01 -NtfsSecurityDescriptor $User
Set-NcFileDirectorySecurity -Name $User -VserverContext vs01

Remove-NcFileDirectorySecurityPolicy -Name $User -VserverContext vs01
Remove-NcFileDirectorySecurityNtfs -SecurityDescriptor $User -VserverContext vs01


# end the session
$Global:CurrentNcController = $null
}

Re: Add and Modify CIFS User Directory Permissions Error

Hello @hyunminlee,

 

I don't have the context around how this function is being used, so I can't really test it to verify that it's working correctly.

 

function ConnectSecurityNaDirectoryII {
    param(
        [String]$UserName,
        [String]$DomainUserName,
        [String]$FullVolumeUser,
        [String]$NaUser,
        [String]$NaPassWord,
        [String]$IPAddress,
        [String]$VServer,
        [String]$ModulePath
    )
    Begin {

        Import-Module DataONTAP

        # no need to wrap the username and passwords in quotes to convert them to
        # strings.  PoSh will do this automatically.
        $username = $NaUser
        $password = $NaPassWord

        # no need for the ToCharArray call.  See this URL for more ways to do auth:
        # https://practical-admin.com/blog/netapp-powershell-toolkit-authentication/
        $securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force
        $cred = New-Object System.Management.Automation.PSCredential $username,$securePassword

        # connect to the controller
        Connect-NcController $IPAddress -Credential $cred -Vserver $VServer
    }
    Process {
        
        $User = $UserName
        $Account = $DomainUserName
        $Path = $FullVolumeUser.Substring(4,$FullVolumeUser.Length-4)

        # create the NTFS security descriptor
        New-NcFileDirectorySecurityNtfs -SecurityDescriptor $User -VserverContext $VServer
        
        # remove the default permissions
        Get-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor $User -VserverContext $VServer | Remove-NcFileDirectorySecurityNtfsDacl

        # add custom permissions
        Add-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor $User -Account $Account -AccessType Allow -Rights Full_Control -VserverContext $VServer
        Add-NcFileDirectorySecurityPolicyTask -Name $User -path $Path -SecurityType ntfs -VserverContext $VServer -NtfsSecurityDescriptor $User
        Set-NcFileDirectorySecurity -Name $User -VserverContext $VServer

        Remove-NcFileDirectorySecurityPolicy -Name $User -VserverContext $VServer
        Remove-NcFileDirectorySecurityNtfs -SecurityDescriptor $User -VserverContext $VServer

    }
    End {
        # remove the stored controller
        $Global:CurrentNcController = $null
    }
}

I made some changes to the function, in particular using the Begin, Process, and End methods for pipeline processing.  These apply when using the pipeline to execute the same function multiple times.  For example:

 

$users = @("a", "b", "c")

$users | Do-MyCustomFunction

When this is executed, the PowerShell pipeline will execute the Begin section once (at the start), then each iteration (for each element of the $users array) will execute the Process section, with the End section being executed once as the final thing before going on to the next step in the pipeline.

 

This is very important when doing resource (and time) intensive operations like loading a module and connecting to the ONTAP controller. 

 

Which brings me to my first question: why bother loading the module and then connecting + disconnecting from the cluster as a part of the function?  Presumably this is called as a part of a larger script, why not have the Import-Module and Connect-NcController functionality outside of the function so that the function only needs the relevant information?

 

All of that being said, and regardless of the above, how are you executing your function?  Can you give me the code (or a snippet) for the script which executes the function?  That may help to determine why variables from the previous loop iteration are not being reset.

 

Andrew

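Added example, not part of the original thread and not NetApp's code: the Begin/Process/End order described in the reply above, with state that is initialised once in Begin and carried into every Process iteration, which is one way an earlier user's entry can end up on a later user's directory. It is not a diagnosis of the poster's script. The function names, the EXAMPLE domain and the /vol/demo path are hypothetical, and no ONTAP cmdlet is called.

```powershell
# Constructed demo: no ONTAP connection is made. Set-DemoUserAcl, Test-AclIsolation,
# the EXAMPLE domain and the /vol/demo path are hypothetical names for illustration.
function Set-DemoUserAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$UserName,
        [string]$Domain = 'EXAMPLE',
        [switch]$ResetPerUser
    )
    begin {
        # Runs once per pipeline: the place for Import-Module / Connect-NcController.
        # Anything initialised here is shared by every Process iteration.
        $aces = New-Object 'System.Collections.Generic.List[string]'
    }
    process {
        # Runs once per piped user. Without a reset, entries built for the
        # previous user are still in $aces when the next user is handled.
        if ($ResetPerUser) { $aces.Clear() }
        $aces.Add(('{0}\{1}:Allow:Full_Control' -f $Domain, $UserName))
        [pscustomobject]@{
            User = $UserName
            Path = "/vol/demo/$UserName"
            Aces = $aces.ToArray()
        }
    }
    end {
        # Runs once after the last user: the place to drop the controller session.
        Write-Verbose 'pipeline finished'
    }
}

# Check: every planned ACE on a user's directory must name that user only.
function Test-AclIsolation {
    param([Parameter(Mandatory)][object[]]$Plan, [string]$Domain = 'EXAMPLE')
    foreach ($item in $Plan) {
        $expected = '{0}\{1}:' -f $Domain, $item.User
        $foreign = @($item.Aces | Where-Object { -not $_.StartsWith($expected) })
        [pscustomobject]@{ User = $item.User; Isolated = ($foreign.Count -eq 0); Foreign = $foreign -join ', ' }
    }
}

$users = @('a', 'b', 'c')
Test-AclIsolation -Plan ($users | Set-DemoUserAcl)               | Format-Table
Test-AclIsolation -Plan ($users | Set-DemoUserAcl -ResetPerUser) | Format-Table
```

The first table reports users b and c as not isolated because their planned entries still include the earlier users; with -ResetPerUser every row is isolated.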

Re: Add and Modify CIFS User Directory Permissions Error

Is there a way to log through the corresponding PowerShell execution within storage?