Active IQ Unified Manager Discussions

User running the WorkFlow

PHILIPALBERT
5,698 Views

I'm having issues with access denied in one of my command.

How can I know the user being used to run the workflow?

 

It's connecting to a NetApp Cluster, but the issue is when I'm trying to create a folder on a NAS volume using powershell.   (New-Item $newFolder-type directory)

 

 

Thanks

Philip

1 ACCEPTED SOLUTION

mbeattie
5,638 Views

Hi Philip,

 

Have you tried using the New-NcDirectory cmdlet instead of the New-Item cmdlet? The advantage is that New-NcDirectory uses a native ZAPI call ("file-create-directory") and you are connecting over the management LIF (https) instead of a data LIF if attempting to access the CIFS share to create the directory. Here is the source code for the command as an example:

 

Param(
   [Parameter(Mandatory = $True, HelpMessage = "The name or IP Address of the cluster")]
   [String]$ClusterName,
   [Parameter(Mandatory = $True, HelpMessage = "The name of the vserver")]
   [String]$VserverName,
   [Parameter(Mandatory = $True, HelpMessage = "The path of the directory to create. '/vol/' will be appended to the start of the path if not specified.")]
   [String]$Path,
   [Parameter(Mandatory = $True, HelpMessage = "The permissions to assign to the directory")]
   [String]$Permission,
   [Parameter(Mandatory = $False, HelpMessage = "The maximum number of ZAPI retry attempts")]
   [Int]$ZapiRetryCount
)
#'------------------------------------------------------------------------------
#'Connect to the cluster
#'------------------------------------------------------------------------------
Connect-WFACluster $ClusterName
#'------------------------------------------------------------------------------
#'Set the command to create the directory.
#'------------------------------------------------------------------------------
If(-Not($Path.StartsWith("/vol/"))){
   If($Path.StartsWith("/")){
      [String]$p    = $Path.substring(1, ($Path.length -1))
      [String]$Path = "/vol/$p"
   }Else{
      [String]$Path = "/vol/$Path"
   }
}
[String]$command = "New-NcDirectory -Path ""$Path"" -Permission $Permission "
If($ZapiRetryCount){
   [String]$command += "-ZapiRetryCount $ZapiRetryCount "
}
[String]$command += "-VserverContext $VserverName -ErrorAction Stop"
#'------------------------------------------------------------------------------
#'Create the directory.
#'------------------------------------------------------------------------------
Try{
   Invoke-Expression -Command $command -ErrorAction Stop
   Get-WFALogger -Info -Message "Executed Command`: $command"
   Get-WFALogger -Info -Message "Created directory ""$Path"" on vserver ""$VserverName"""
}Catch{
   Get-WFALogger -Info -Message $("Failed Executing Command`: $command. Error " + $_.Exception.Message)
   Throw "Failed creating Directory ""$Path"" on vserver ""$VserverName"""
}
#'------------------------------------------------------------------------------

Example output:

 

wfa1.png

 

 

From an NTFS perspecitve that will create a folder that has everyone full control access. EG

 

C:\>icacls \\vserver1\cifs_data_001$\test2
\\vserver1\cifs_data_001$\test2 Everyone:(I)(F)
                                Everyone:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

Hope that helps.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

4 REPLIES 4

shruthihr
5,657 Views

@PHILIPALBERT

 

 

Please share your environment  and let us know how are you creating the folder and share the commandlet for the same.

 

Thanks,

Shruthi

sinhaa
5,645 Views

@PHILIPALBERT

 

It's connecting to a NetApp Cluster, but the issue is when I'm trying to create a folder on a NAS volume using powershell.   (New-Item $newFolder-type directory)

 

------

 

Workflows on the windows machine are executed as LocalSystem account ( the account with which the service WFA server is running ). This account may not have permission to create objects on all places.

 

What can you do?

 

You have some options.

 

1. The cmdlet New-Item takes -Credential as a parameter. So provide a credential that has permission on the Nas share

2. You can start the WFA Server service as user account who has permission on the folder. 

 

 

I would suggest option 1, this is flexible and works in places where -credential is an option. 

 

Let me know how this worked for you.

 

sinhaa

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

mbeattie
5,639 Views

Hi Philip,

 

Have you tried using the New-NcDirectory cmdlet instead of the New-Item cmdlet? The advantage is that New-NcDirectory uses a native ZAPI call ("file-create-directory") and you are connecting over the management LIF (https) instead of a data LIF if attempting to access the CIFS share to create the directory. Here is the source code for the command as an example:

 

Param(
   [Parameter(Mandatory = $True, HelpMessage = "The name or IP Address of the cluster")]
   [String]$ClusterName,
   [Parameter(Mandatory = $True, HelpMessage = "The name of the vserver")]
   [String]$VserverName,
   [Parameter(Mandatory = $True, HelpMessage = "The path of the directory to create. '/vol/' will be appended to the start of the path if not specified.")]
   [String]$Path,
   [Parameter(Mandatory = $True, HelpMessage = "The permissions to assign to the directory")]
   [String]$Permission,
   [Parameter(Mandatory = $False, HelpMessage = "The maximum number of ZAPI retry attempts")]
   [Int]$ZapiRetryCount
)
#'------------------------------------------------------------------------------
#'Connect to the cluster
#'------------------------------------------------------------------------------
Connect-WFACluster $ClusterName
#'------------------------------------------------------------------------------
#'Set the command to create the directory.
#'------------------------------------------------------------------------------
If(-Not($Path.StartsWith("/vol/"))){
   If($Path.StartsWith("/")){
      [String]$p    = $Path.substring(1, ($Path.length -1))
      [String]$Path = "/vol/$p"
   }Else{
      [String]$Path = "/vol/$Path"
   }
}
[String]$command = "New-NcDirectory -Path ""$Path"" -Permission $Permission "
If($ZapiRetryCount){
   [String]$command += "-ZapiRetryCount $ZapiRetryCount "
}
[String]$command += "-VserverContext $VserverName -ErrorAction Stop"
#'------------------------------------------------------------------------------
#'Create the directory.
#'------------------------------------------------------------------------------
Try{
   Invoke-Expression -Command $command -ErrorAction Stop
   Get-WFALogger -Info -Message "Executed Command`: $command"
   Get-WFALogger -Info -Message "Created directory ""$Path"" on vserver ""$VserverName"""
}Catch{
   Get-WFALogger -Info -Message $("Failed Executing Command`: $command. Error " + $_.Exception.Message)
   Throw "Failed creating Directory ""$Path"" on vserver ""$VserverName"""
}
#'------------------------------------------------------------------------------

Example output:

 

wfa1.png

 

 

From an NTFS perspecitve that will create a folder that has everyone full control access. EG

 

C:\>icacls \\vserver1\cifs_data_001$\test2
\\vserver1\cifs_data_001$\test2 Everyone:(I)(F)
                                Everyone:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

Hope that helps.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

PHILIPALBERT
5,603 Views

Thanks Matt, I'll do it that way.

No idea why I didn't think about that...

 

Public