Hello! How to set File Level Security (ACL) on a qtree (or folder) with WFA ? Usually we use fsecurity or set it from Windows //FilerA/C$/vol/vol_name, right click the qtree, Select Properties and set it from Security tab. Wondering how can it be Automated by WFA.
Since WFA runs on a Windows host, you could use PowerShell in a WFA command to 1) mount the share as a drive on the WFA server, 2) navigate to the folder containing the files you want to update, 3) Use Get-ACL and Set-ACL cmdlets to manipulate file level permissions, like shown here: http://technet.microsoft.com/en-us/library/hh849810.aspx 4) Remove the mount as part of clean-up for the command.
Sorry, Scott, I don't have an example WFA command that does this at the moment. Without someone posting an example command or workflow, some PowerShell scripting would be involved.
So +1 to Dave's suggestion. But I will give another option. Since you are already familiar with fsecurity, you could implement that option. The DataONTAP PoSH toolkit does not contain a fsecurity cmdlet (I checked the version included with WFA). The other option would be to use Invoke-NaSSH to send the fsecurity command directly to ONTAP. I took a quick look to see if the API was exposed for this in the NMSDK but I don't see anything that matches.
So the challenge with Get-ACL and Set-ACL is that these default cmdlets use a file path. This means that if you want to set NTFS file permissions, you will need to have a Cifs Share available to the WFA host where the command will be run. This becomes a slight challenge when dealing with secure tenancies. I did try to see if I could 'access' the file path using the Get-NaFile cmdlet but no go. It looks like you will need to map the share to the WFA host and then you can use the Get-ACL and Set-ACL cmdlet.
I'm assuming that Get-ACL and Set-ACL are PowerShell commands. I'd really rather stick to Perl than learn a whole new language. Is this the only way to do this, and if so, where does one find documentation on the PowerShell commands? I'm a PowerShell virgin, and frankly I'd rather stay that way. There ought to be a way to do this via the NMSDK using Perl (or any of the other NMSDK supported languages). Since a Filer can do it, why can't NMSDK?
The problem that I found was that it doesn't look like this functionality was exposed in the api. I looked at the NMSDK to see if it was listed but like I said, I didn't see anything for this feature. It might be worth a cross post in the NMSDK community.
Yes those were cmdlets that I mentioned and there for would be PoSH. Maybe there is a Perl equivalent for setting Windows File permissions. I am not aware of one though.
Question, How do I Import 2.1 NTFSSecurity Module so that WFA recognizes the Add-Ace cmdlet.
I downloaded the command let and added Import-Module command in profile.ps1 file @ C:\Program Files\netapp\WFA\PoSH
But I get “The term 'Add-Ace' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.”
Any suggestion on how to import a new module to WFA ?