topic Re: Remove Everyone/Full from new share in Python REST API in ONTAP Rest API Discussions

Remove Everyone/Full from new share in Python REST API

Cjones — Wed, 04 Jun 2025 09:59:57 GMT

This code works, but also leaves Everyone/Full on the new share. Is there a way to remove it during creation, or is that a follow up step?

share_info = {

"path": thepath,

"svm": {

"name": svm_name

"name": user,

"acls": [

{"permission": "full_control", "type": "windows", "user_or_group": fulladgroup},

{"permission": "change", "type": "windows", "user_or_group": rwadgroup},

{"permission": "read", "type": "windows", "user_or_group": roadgroup}

]

}

myShare = CifsShare.from_dict(share_info)

try:

if myShare.post(poll=True😞

print("cifsshare %s created Successfully" % myShare.name)

Re: Remove Everyone/Full from new share in Python REST API

RobertBlackhart — Mon, 06 Jun 2022 15:36:07 GMT

I'm not very familiar with the CIFS shares feature specifically, but the documentation says that passing acls (as you already are) should prevent the default Everyone/Full-Control from being used:

From the DOC /protocols/cifs/shares section:

Permissions can be assigned to this newly created share by specifying the 'acls' field. When a CIFS share is created, ONTAP creates a default ACL for this share with 'Full-Control' permissions for an 'Everyone' user.

If that's not how it's behaving for you, then I think opening a ticket with your request and result would be the next step. Perhaps there's some bug in the API.

Re: Remove Everyone/Full from new share in Python REST API

Cjones — Tue, 07 Jun 2022 16:52:24 GMT

Thanks for your reply, the API is perhaps not behaving appropriately. Despite specifying ACLs during creation, Everyone/Full is still added to the share on creation. I will open a case and see what they say, report back.

Re: Remove Everyone/Full from new share in Python REST API

RobertBlackhart — Tue, 07 Jun 2022 17:14:05 GMT

Rereading the documentation blurb that I posted, one might also interpret it to mean that ONTAP will always create the default 'Everyone' user when a CIFS share is created. It would be interesting to see if support comes back with that being intended and if there would be a way to prevent that on initial creation.

Re: Remove Everyone/Full from new share in Python REST API

Cjones — Tue, 07 Jun 2022 19:21:59 GMT

Unfortunately support is sorry to tell me that this situation is out of their scope.

I expect that adding Everyone/Full is the default, and unavoidable. The issue is, it will take some time for me to figure out how to remove it, testing, playing around. I see no examples in the Github scripts Netapp provides as samples. They only create one share in the cifssetup.py script, and they don't set ACLs on it, leaving Everyone/Full. So need to figure out how to delete Everyone/Full, as you can imagine, adding Everyone/Full with no_access does not achieve the goal 😄 Will post back if/when I figure it out.

Re: Remove Everyone/Full from new share in Python REST API

RobertBlackhart — Tue, 07 Jun 2022 19:56:15 GMT

Sorry, that part I can help with. I thought maybe you knew that part and just wanted to find a one step solution instead.

To remove an ACL, you would want to call DELETE on /api/protocols/cifs/shares/{svm.uuid}/{share}/acls/{user_or_group}/{type} where {user_or_group} should be Everyone and {type} should be full_control. So to add to your code from the first post, I think it might look like this (untested, but you can modify for your needs):

share_info = { "path": thepath, "svm": { "name": svm_name }, "name": user, "acls": [ {"permission": "full_control", "type": "windows", "user_or_group": fulladgroup}, {"permission": "change", "type": "windows", "user_or_group": rwadgroup}, {"permission": "read", "type": "windows", "user_or_group": roadgroup} ] } myShare = CifsShare.from_dict(share_info) myShare.post(hydrate=True) everyone_acl = CifsShareAcl.find(myShare.svm.uuid, myShare.name, user_or_group="Everyone") if everyone_acl is not None: everyone_acl.delete() print("cifsshare %s created Successfully" % myShare.name)

Re: Remove Everyone/Full from new share in Python REST API

Cjones — Tue, 07 Jun 2022 20:04:05 GMT

Tested, that works, thanks! I was thinking ideally it would be nice to create it as needed to begin with, but the code to remove it does the job as well. Much appreciated.