ONTAP Rest API Discussions

/api/protocols/file-security/permissions and missing SID

Oc77
2,211 Views

Hello,

 

I'm trying to display file permissions using rest-api. I have an old vserver and it does not work when SECD cannot resolve SID. It's fine using ZAPI.  It displays SID when it cannot resolve to windows name. 

 

GET https://ip/api/protocols/file-security/permissions/c26b5fac-1135-11ea-a956-00a098d1acc2/%2FVOLUME%2FDIR%2FSUBDIR
User-Agent: python-requests/2.28.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
X-Dot-Client-App: netapp-ontap-python-9.11.1.0
Authorization: Basic aW52ZW50YWlyZTpZb3VwbGFib3VtMzA=
None
-----------------------------
DEBUG:charset_normalizer:Encoding detection: ascii is most likely the one.
DEBUG:netapp_ontap.host_connection:
-----------RESPONSE-----------
404 Not Found
Date: Thu, 02 Feb 2023 10:48:14 GMT
Server: libzapid-httpd
X-Content-Type-Options: nosniff
Cache-Control: no-cache,no-store,must-revalidate
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors: 'self'
Content-Length: 144
Content-Type: application/hal+json
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
{
"error": {
"message": "Failed to convert SID to a Windows name. Reason: \"SecD Error: object not found\". ",
"code": "4849677"
}
}
------------------------------
Traceback (most recent call last):
File "/home/XXXXXX/projects/reporting_acls/test.py", line 14, in <module>
resource.get()
File "/srv/xxxxx/venv/netapp/lib/python3.9/site-packages/netapp_ontap/resources/file_directory_security.py", line 1048, in get
return super()._get(**kwargs)
File "/srv/xxxxx/venv/netapp/lib/python3.9/site-packages/netapp_ontap/utils.py", line 55, in wrapper
return on_api_fail(erro)
File "/srv/xxxxx/venv/netapp/lib/python3.9/site-packages/netapp_ontap/utils.py", line 78, in on_api_fail
raise NetAppRestError(cause=erro) from None
netapp_ontap.error.NetAppRestError: Caused by HTTPError('404 Client Error: Not Found for url: https://IP:443/api/protocols/file-security/permissions/c26b5fac-1135-11ea-a956-00a098d1acc2/%2FVOLUME%2FDIR%2FSUBDIR'): Failed to convert SID to a Windows name. Reason: "SecD Error: object not found".






 

 

 

1 ACCEPTED SOLUTION

ddegraaf
1,941 Views

Have you tried using /administrator/windows in the file-security path, like:

GET https://ip/api/protocols/file-security/effective-permissions/cf5f271a-1beb-11ea-8fad-005056bb645e/administrator/windows/%2F?share.name=sh1&return_records=true

 

View solution in original post

5 REPLIES 5

ddegraaf
1,942 Views

Have you tried using /administrator/windows in the file-security path, like:

GET https://ip/api/protocols/file-security/effective-permissions/cf5f271a-1beb-11ea-8fad-005056bb645e/administrator/windows/%2F?share.name=sh1&return_records=true

 

josem
1,180 Views

But if you add /administrator/windows it´s not the same path.  

Could explain it?

josem
987 Views

Any help with this issue?

ddegraaf
982 Views

You need "administrator/windows" in the path because you are trying to access the effective permissions on a windows admin user. According to the docs this is what is needed for the endpoint. 

 

I hope that helps!

josem
255 Views

It´s not the same,   the first thing it´s for  get the  permission with all the user like the first eg. 

 

https://ip/api/protocols/file-security/permissions/c26b5fac-1135-11ea-a956-00a098d1acc2/%2FVOLUME%2FDIR%2FSUBDIR

 The case you referenced it´s for see the effective permissions of a unique user, because this you detailed it the administrator user.

 

curl -X GET "https://10.63.26.252/api/protocols/file-security/effective-permissions/cf5f271a-1beb-11ea-8fad-005056bb645e/administrator/windows/%2F?share.name=sh1&r..." -H "accept: application/json" -H "authorization: Basic YWRtaW46bmV0YXBwMSE="

 

https://docs.netapp.com/us-en/ontap-restapi-98/ontap/protocols_file-security_effective-permissions_svm.uuid_path_endpoint_overview.html#overview

 

It´s no the same, one it´s for seeing the permission of the path or file, etc... and the other it´s for a particular user. 

 

 

Public