onefs-platform-api-reference-7-0-1.pdf

IsilonOneFSVersion 7.0.1

Platform API Reference

Published December, 2012

Copyright © 2001 - 2012 EMC Corporation. All rights reserved.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to changewithout notice.

The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind withrespect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for aparticular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicablesoftware license.

EMC², EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and othercountries. All other trademarks used herein are the property of their respective owners.

For the most up-to-date product documentation, go to the Isilon Customer Support Center.

EMC CorporationHopkinton, Massachusetts 01748-91031-508-435-1000 In North America 1-866-464-7381www.EMC.com

2 OneFS 7.0.1 Platform API Reference

Introduction to the Platform API 7

API architecture ..............................................................................................8HTTP methods...........................................................................................8Interaction patterns..................................................................................8Platform API self-documentation.............................................................11

Access Control..............................................................................................12HTTP Basic Authentication......................................................................12Configure a session cookie.....................................................................12

Platform API session resource 15

Create a session............................................................................................16Send a request using a session cookie..........................................................16Get information about the current session.....................................................16Log out of a session......................................................................................16

Authentication resources 19

Auth user security token resource..................................................................20Auth groups resource....................................................................................21Auth groups members resource.....................................................................22Auth users resource......................................................................................23Auth users member of resource.....................................................................24Auth netgroups resource...............................................................................25Auth mapping users rules resource...............................................................25Auth mapping users lookup resource............................................................26Auth providers summary resource.................................................................26Auth ADS providers resource.........................................................................27Auth ADS providers domains resource...........................................................29Auth ADS providers controllers resource........................................................30Auth ADS providers search resource..............................................................31Auth file providers resource...........................................................................32Auth LDAP providers resource.......................................................................34Auth local providers resource........................................................................37Auth NIS providers resource..........................................................................39Auth roles resource.......................................................................................41Auth roles members resource........................................................................42Auth roles privileges resource.......................................................................42Auth global settings resource........................................................................43Auth shells resource......................................................................................44Auth wellknowns resource.............................................................................45Persona properties........................................................................................45Privilege properties.......................................................................................45Groups properties.........................................................................................46Users properties............................................................................................46Domain properties........................................................................................48Option properties..........................................................................................48Roles properties............................................................................................48

Chapter 1

Chapter 2

Chapter 3

CONTENTS

OneFS 7.0.1 Platform API Reference 3

NFS resources 49

NFS exports summary resource......................................................................50NFS export resource......................................................................................50NFS NLM locks resource................................................................................51NFS NLM lock waiters resource......................................................................52NFS NLM sessions resource...........................................................................53NFS default export settings resource.............................................................53NFS global settings resource.........................................................................56NFS exports configuration check resource.....................................................57NFS reload resource......................................................................................57NFS export properties....................................................................................58NLM locks properties.....................................................................................61NLM waiter properties...................................................................................61NLM session properties.................................................................................62NFS map properties.......................................................................................62

SMB resources 63

SMB shares summary resource.....................................................................64SMB shares resource.....................................................................................64SMB open files resource................................................................................65SMB sessions resource.................................................................................66SMB share settings resource.........................................................................67SMB global settings resource........................................................................69Share properties...........................................................................................70Run as root properties...................................................................................72Permissions properties..................................................................................73Trustee properties.........................................................................................73Open files properties.....................................................................................73Sessions properties......................................................................................73

Quota resources 75

Quota license resource..................................................................................76Quota summary resource..............................................................................76Quotas resource............................................................................................77Quota quotas notification rules resource.......................................................78Quota reports resource..................................................................................79Quota about reports resource........................................................................81Quota report settings resource......................................................................81Quota default notifications rules resource.....................................................82Quota mappings settings resource................................................................83Quotas properties.........................................................................................84Persona properties........................................................................................85Usage properties...........................................................................................86Threshold properties.....................................................................................86

Snapshot resources 87

Snapshot license resource............................................................................88Snapshot summary resource.........................................................................88Snapshots resource......................................................................................89Snapshot schedules resource.......................................................................90Snapshot locks resource...............................................................................91Snapshot pending resource...........................................................................92

Chapter 4

Chapter 5

Chapter 6

Chapter 7

CONTENTS


Snapshot settings resource...........................................................................93Snapshot properties......................................................................................94Schedules properties....................................................................................95Lock properties.............................................................................................95Pending properties........................................................................................95

Zones resources 97

Zones summary resource..............................................................................98Zones resource..............................................................................................98Zone persona properties...............................................................................99

Chapter 8

CONTENTS

OneFS 7.0.1 Platform API Reference 5

CONTENTS


CHAPTER 1

Introduction to the Platform API

The Isilon OneFS Platform API provides access to cluster configuration, management, andmonitoring functionality through an HTTP-based interface that conforms to the principlesof Representation State Transfer (REST) architecture. Through this interface, clusteradministrators can develop clients and software to automate the management andmonitoring of their EMC Isilon storage systems.

The Platform API represents system configuration and status information through objectsand collections of objects. These objects and collections are exposed as resources,which are represented by Uniform Resource Identifiers (URIs). Resources are manipulatedusing standard HTTP methods (GET, POST, PUT, and DELETE). The representations ofobjects and collections are exchanged between client software and the cluster asJavaScript Object Notation (JSON) formatted documents.

You must have a solid understanding of HTTP/1.1, RFC2616 and experiencewriting HTTP-based client software before you can implement the Platform API.

The following table provides definitions for terms that are relevant to understanding thePlatform API.

Object An object is a logical grouping of systemconfiguration data. An object can be created byusers or an object can be a global setting on thesystem.

For example, a user-created object can be a filesystem snapshot, quota, share, export, blockstorage target, logical unit, sync policy, jobimpact policy, and so on.

An object can also be a system global settingsuch as job engine settings, default sharesettings, HTTP server settings, snapshotsubsystem settings, and so on.

Collection A collection represents a group of the same orsimilar types of objects. For example, all of theuser-defined quotas in the system make up acollection of quotas.

Resource A resource is an object, collection, or dataprocessing facility that is accessible by a URIthrough the Platform API.

u API architecture ......................................................................................................8u Access Control......................................................................................................12

Introduction to the Platform API 7

API architectureThe Platform API URIs and HTTP methods are organized into patterns that provide supportfor manipulating objects and collections.

Much of cluster administration involves reading, creating, modifying, and deletingconfiguration information. Typically, configuration information is arranged into groups ofrelated settings and properties called objects; similar objects are further organized intocollections.

A system object represents global system configuration information and is not part of acollection. A user object represents configurations that are defined by users; theseobjects are typically organized into a collection.

HTTP methodsYou can perform operations by applying HTTP methods to resource URIs.

The Platform API only implements the HTTP methods defined by RFC 2616, with thefollowing distinctions:u The POST method is generally used to create resources.

u The PUT method enables partial modification of a resource through partialrepresentation.

u The PUT and POST methods do not return full resource entity bodies upon success.

u The POST method returns a document indicating the success of the request and thelocation of the created resource.

Interaction patternsYou can interact with the system configuration by applying HTTP methods to resourceURIs according to a set of usage patterns.

u The Platform API supports a maximum URI length of 8,198 characters.

u When making multiple changes to the Platform API, it is recommended that userssend all requests to a single node to avoid potential configuration collisions.

Read a system objectYou can directly manipulate configuration objects where the object has a uniqueidentifier; the identifier is the URL that represents the direct path to that object.

Pattern:

GET /<resource-version>/<namespace>/<object-id>

Request:

GET /<resource-version>/<namespace>/<object-id>

Response:Content-Type: application/json{"<object>": { "<property>": <value>, ... }}



Modify a system objectYou can partially modify objects by allowing the client to send a partial representation ofthe properties. Only the properties included in the representation are modified on theresource, which leaves all other unspecified properties in their current state.

Pattern: PUT /<resource-version>/<namespace>/<object-id>Request:

PUT /<resource-version>/<namespace>/<object-id> Content-Type: application/json{ "<property>": <value> ...}

Response:{Standard JSON success or error response}

Read an entire collectionYou can read all of the objects in a collection through the GET method.

Pattern:

GET /<resource-version>/<namespace>/<collection-name>

Request:

GET /<resource-version>/<namespace>/<collection-name>

Response:Content-Type: application/json{ "<collection>": [ "<property>": <value> ... ]}

Read an object from a collectionYou can read individual objects in a collection through the GET method. The pattern toread an individual object in a collection is the same as the pattern to read a systemobject, with the addition of a collection name in the URI.

Pattern:

GET <resource-version>/<namespace>/<collection-name>/<object-id>

Request:

GET /<resource-version>/<namespace>/<collection-name>/<object-id>

Response:Content-Type: application/json { "<collection>": [ "<property>": <value> ... ]}


Interaction patterns 9

Create an object in a collectionYou can create an object in a collection through the POST method. The systemdetermines the final URI where the new object is located.

Pattern:

POST /<resource-version>/<namespace>/<collection-name>

Request:

POST /<resource-version>/<namespace>/<collection-name> Content-Type: application/json{ "<property>": <value>, ...}

Response:Location:/<resource-version>/<namespace>/<collection-name>/<new-object-id>

Content-Type: application/json {Standard JSON success or error response}

Modify an object in a collectionYou can modify an object in a collection through the PUT method. The pattern to modifyan object in a collection is the same as the pattern to modify a system object, with theaddition of a collection name in the URI.

Pattern:

PUT /<resource-version>/<namespace>/<collection-name>/<object-id>

Request:

PUT /<resource-version>/<namespace>/<collection-name>/<object-id>

Content-Type: application/json{ "parameter_name": <value> ...}


Delete an object from a collectionYou can delete an object from a collection through the DELETE method.

Pattern:

DELETE /<resource-version>/<namespace>/<collection-name>/<object>

Request:

DELETE /<resource-version>/<namespace>/<collection-name>/<object-id>




Filter a collectionYou can apply a filter to a collection and retrieve objects from the collection that matchessome common criteria.

Pattern: GET /<resource-version>/<namespace>/<collection-name>?<parameter_name> =<match-pattern>&...Request:

GET /<resource-version>/<namespace>/<collection-name>?<parameter_name>=<match-pattern>&...

Response:Content-Type: application/json {"count": <integer>,"<collection-name>": [ { "<parameter-name>": <matched-value>, ... }, ... ]}

Platform API self-documentationThe Platform API contains detailed self-documentation about API resources, including URIdescriptions, query arguments, allowable HTTP methods, and the request and responseJSON representation structures that are available.

You can access the Platform API self-documentation by sending a GET request to anyresource URI with the describe query parameter appended to the end of the URI. The self-documentation text available for that resource is returned.

For example, to obtain self-documentation for the quotas resource, send the followingrequest:

GET /platform/1/quota/quotas?describe

You can retrieve a list of all of the resources by appending list and all options to thedescribe query parameter.

For example, to return a list of all resource paths for snapshots, send the followingrequest:

GET /platform/1/snapshot/snapshots?describe&list&all HTTP_RESULT 200 { "directory": [ "/1/snapshot/snapshots/<SID>", "/1/snapshot/snapshots/<SID>/locks", "/1/snapshot/snapshots/<SID>/locks/<LID>" ] }

You can obtain the JSON schemas that are included in the self-documentation by sendinga GET request to any resource URI with the query parameters describe and json appendedto the end of the URI.

For example, to obtain the JSON-formatted schemas for the quotas resource, send thefollowing request:

GET /platform/1/quota/quotas?describe&json


Platform API self-documentation 11

If you include any values for either the describe or json parameters, the values areignored.

The JSON-formatted schema documents conform to RFC draft-zyp-json-schema-03.

Access ControlYou can access the Platform API resources through the HTTPS protocol on TCP port 8080.All Platform API resources are provided under a top-level /platform URI path that isavailable on all nodes in the cluster.

Resources are accessed through the following pattern:

https://<cluster-ip-or-host-name>:8080/<resource-uri>.

Access to Platform API resources requires user authentication and authorization. ThePlatform API uses role-based access control; users can only access resources for whichthey have privileges.

Users can authenticate to the Platform API either through HTTP Basic Authentication (asdefined by RFC 2617) or with a session, which is obtained through the Platform APIsession resource.

HTTP Basic Authentication requires more system processing resources and is slower thanauthenticating with a session cookie. For multiple requests over a period of time, it isrecommended that you create a session cookie.

HTTP Basic AuthenticationYou can authenticate to the Platform API through HTTP Basic Authentication. With HTTPBasic Authentication, you must create a standard Authorization header and send therequest to the server with a valid username and password. If your username andpassword are authenticated by the server, you are able to access that resource.

The following example shows a sample HTTP Basic Authentication request.

GET /platform/1/protocols/nfs/exports HTTP/1.1Host: onefs.cluster.hostnameAuthorization: Basic QWxhZGRpbjpvcGVuIHN1c2FtZQ==

HTTP Basic Authentication conforms to RFC 2617, section 2.

Configure a session cookieYou can configure a session cookie by sending credentials to a session service resource,which responds with a Set-Cookie header. The Set-Cookie header contains anauthentication token that can then be sent to the Platform API on subsequent requests toprovide immediate authentication. Effectively, the Platform API creates a statelesssession on the cluster, which maintains the authenticated state for a period of time.

Session cookies are specific to a single node; all requests must be made to the samenode from which the session cookie was obtained.

HTTP Set-Cookie and Cookie headers conform to RFC 6265.

1. Create a JSON entity body, including the username, password, and any otherauthentication information.

2. Create a session entity through the POST method.POST <JSON entity> /platform/session/1/sessions



If the server validates the username and password, the server responds with a Set-Cookie header. Otherwise, the server responds with an error document.

3. Obtain the isisessid value from the Set-Cookie header.

4. Include the Cookie: <isisessid> header in all future Platform API requests to thatnode.


Configure a session cookie 13



CHAPTER 2

Platform API session resource

You can set a session cookie for extended authentication on a single node.

Object parametersThere are no parameters for this resource.

Object properties

Property Type Description

username string Provides the username requesting access to the cluster.

password string Provides the password for the username requesting accessto the cluster.

services array Provides a list of Platform API services to obtain access to.

timeout_absolute integer Provides the number of seconds before the session expires.

timeout_inactive integer Provides the number of seconds of inactivity before thesession expires.

u Create a session....................................................................................................16u Send a request using a session cookie..................................................................16u Get information about the current session.............................................................16u Log out of a session..............................................................................................16

Platform API session resource 15

Create a sessionYou can create a session and extend your authentication to a node for multiple requestsover a period of time.

Request:

POST /session/1/session

{ "username": "<string>", "password": "<string>", "services": ["<string>"] }

If the credentials validate, the following steps occur.

1. The server responds by sending the Set-Cookie: header with an isisessid value.

2. The client parses the cookie according to the RFC standards.

3. A pre-authenticated session is created on the node where the POST command wasexecuted, and the client can send a Cookie: isisessid header for access instead ofa basic HTTP authentication header.

If the credentials are not valid on the server, the server responds with an error message.

Send a request using a session cookieAfter a session cookie is created, the isisessid value authenticates future requests.

Request:

Send the GET request to any Platform API resource with a Cookie: header and a setisisessid value. No WWW-AUTHENTICATE header is needed.

Response:

If the server validates the credentials, the server grants access and processes therequest.

If the server does not validate the credentials, the server responds with an error message.

Get information about the current sessionYou can send a request to the server for information about the current session.

Request:

GET /session/1/session?isisessid

Response:

If the server validates the credentials, the JSON document used to create the session isreturned.

"username": <string>"services": [<string>, ...] "timeout_absolute": <int>, "timeout_inactive": <int>


Log out of a sessionYou can manually delete a session cookie if you no longer need to stay authenticated to anode. Session cookies are configured to expire automatically after a period of inactivity



(the default setting is 900 seconds) or after an absolute period of time (the defaultsetting is 14400 seconds).

Request:

DELETE /session/1/session?isisessid

Response:

If the server validates the credentials, the session value is no longer valid for futurerequests.



Log out of a session 17



CHAPTER 3

Authentication resources

These resources allow users to retrieve, create, modify, or delete authenticationproviders, users, groups, and other configurations and settings.

u Auth user security token resource..........................................................................20u Auth groups resource............................................................................................21u Auth groups members resource.............................................................................22u Auth users resource..............................................................................................23u Auth users member of resource.............................................................................24u Auth netgroups resource.......................................................................................25u Auth mapping users rules resource.......................................................................25u Auth mapping users lookup resource....................................................................26u Auth providers summary resource.........................................................................26u Auth ADS providers resource.................................................................................27u Auth ADS providers domains resource...................................................................29u Auth ADS providers controllers resource................................................................30u Auth ADS providers search resource......................................................................31u Auth file providers resource...................................................................................32u Auth LDAP providers resource...............................................................................34u Auth local providers resource................................................................................37u Auth NIS providers resource..................................................................................39u Auth roles resource...............................................................................................41u Auth roles members resource................................................................................42u Auth roles privileges resource...............................................................................42u Auth global settings resource................................................................................43u Auth shells resource..............................................................................................44u Auth wellknowns resource.....................................................................................45u Persona properties................................................................................................45u Privilege properties...............................................................................................45u Groups properties.................................................................................................46u Users properties....................................................................................................46u Domain properties................................................................................................48u Option properties..................................................................................................48u Roles properties....................................................................................................48

Authentication resources 19

Auth user security token resourceThis resource applies the standard system object pattern to the currently authenticatedsecurity token.

Operation Method and URI- -Get the security token for the currentlyauthenticated user

GET /platform/1/auth/id

View the detailed JSON schema for the usersecurity token

GET /platform/1/auth/id?describe

Query parametersThere are no parameters for this resource.

Object properties


additional_id persona on page45

Properties for an additional ID.

gid persona on page45

Properties for the currently authenticatedprimary group ID for the user.

group_sid persona on page45

Properties for the currently authenticatedprimary group security ID for the user.

ifs_restricted Boolean Indicates if this user has restricted access tothe /ifs file system.

local_address string Provides the IP address of the node that isservicing the request.

on_disk_group_id persona on page45

Properties for the group ID that is stored ondisk for the authenticated user.

on_disk_user_id persona on page45

Properties for the user ID that is stored on diskfor the authenticated user.

privilege privilege on page45

Properties for the privileges granted to theauthenticated user.

protocol integer The protocol that is responsible for thecreation of the token, such as NFS or FTP.

remote_address string The IP address of the client requesting theinformation.

uid persona on page45

Properties for the currently authenticated userID.

user_sid persona on page45

Properties for the currently authenticatedsecurity ID for the user.

zid integer Provides the zone ID that is serving therequest.




zone_id string Provides the name of the zone that is servingthe request.

Auth groups resourceThis resource applies the standard collection pattern to groups.

Operation Method and URI- -Get all groups GET /platform/1/auth/groups

Flush the groups cache DELETE /platform/1/auth/groups

Get a group GET /platform/1/auth/groups/<group-id>

Create a group POST /platform/1/auth/groups

Modify a group PUT /platform/1/auth/groups/<group-id>

Delete a group DELETE /platform/1/auth/groups/<group-id>

View the detailed JSON schema for anauthentication group

GET /platform/1/auth/groups?describe

Query parameterscached

If true, only return cached objects.

domain

Filter groups by domain.

filter

Filter groups by name prefix.

provider

Filter groups by provider.

query_member_of

Enumerate all groups that a group is a member of.

resolve_names

Resolve names of a persona.

zone

Filter groups by zone.

limit

Return no more than this many results at one time (see resume).

resume

Continue returning results from the previous request (cannot be used with otherparameters).


Auth groups resource 21

Object properties

Property Type Type

total string Provides the total number of groups to display.

resume string Provides the value for the resume argument used forcontinuation requests.

groups groups on page 46 Properties for groups.

Auth groups members resourceThis resource applies the standard collection pattern to members of a group.

Operation Method and URI- -Get the members of a group GET /platform/1/auth/groups/

<group-id>/members

Add a member to a group POST /platform/1/auth/groups/<group-id>/members

Remove a member from a group DELETE /platform/1/auth/groups/<group-id>/members/<persona-id>

View the detailed JSON schema for themembers of an authentication group

GET /platform/1/auth/groups/<group-id>/members?describe

Query parametersprovider

Filter groups by the provider.

resolve_names

Resolve the name of a persona.

zone

Filter groups by zone.

limit


resume


Object properties


resume string Provides the value for the resume argument to be usedfor continuation requests.

id string Provides the system ID given to the new member of thegroup. In a POST request, this value is the ID that refers tothe item in the collection item resource path.




members persona on page45

Properties for users or groups that have this role.

Auth users resourceThis resource applies the standard collection pattern to users.

Operation Method and URI- -Get all users GET /platform/1/auth/users

Get one user GET /platform/1/auth/users/<user-id>

Modify a user PUT /platform/1/auth/users/<user-id>

Create a user POST /platform/1/auth/users

Flush the users cache DELETE /platform/1/auth/users

Delete a user DELETE /platform/1/auth/users/<user-id>

View the detailed JSON schema forauthentication users

GET /platform/1/auth/users?describe

Query parameterscached

If true, only return cached objects.

domain

Filter users by domain.

filter

Filter users by name prefix.

provider

Filter users by provider.

query_member_of

Enumerate all users that a group is a member of.

resolve_names

Resolve names of personas.

zone

Filter users by zone.

limit


resume



Auth users resource 23

Object properties


total integer Provides the total number of users.


users users on page 46 Properties for authenticating users.

Auth users member of resourceThis resource applies the standard collection pattern to groups that a user is a memberof.

Operation Method and URI- -Get the groups that a user is a member of GET /platform/1/auth/users/<user-

id>/member_of

Add a group membership for a user POST /platform/1/auth/users/<user-id>/member_of

Remove a group membership from a user DELETE /platform/1/auth/users/<user-id>/member_of/<persona-id>

View the detailed JSON schema forauthentication users members_of

GET /platform/1/auth/users/<user-id>/member_of?describe


Filters groups by provider.

resolve_names

Resolves the names of personas.

zone

Filters groups by zone.

resume

Continues returning results from the previous call (cannot be used with otheroptions).

Object properties


resume string Provides the value for the resume argument to beused for continuation requests.

member_of persona on page45

Properties for each group the user is a member of.



Auth netgroups resourceThis resource applies the standard collection pattern to individual members ofnetgroups.

Operation Method and URI- -Get the members of a netgroup GET /platform/1/auth/netgroups/

<netgroup>

View the detailed JSON schema forauthentication netgroups

GET /platform/1/auth/netgroups/<netgroup>?describe


Filter users by provider.

recursive

Perform recursive searches.

ignore_errors

Ignore netgroup errors.

zone

Filter users by zone.

Object properties


domainname string Provides the domain for which the netgroup is valid.

hostname string Provides the host that is valid for this netgroup.

netgroup string Provides the name of the netgroup.

username string Provides the user who is valid for this netgroup.

Auth mapping users rules resourceThis resource returns the rules for user mapping.

Operation Method and URI- -Get the user mapping rules GET /platform/1/auth/mapping/

users/rules

Replace all user mapping rules PUT /platform/1/auth/mapping/users/rules

View the detailed JSON schema forauthentication mapping users rules

GET /platform/1/auth/mapping/users/rules?describe

Query parameterszone

The zone that the rules apply to.


Auth netgroups resource 25

Object properties


default_unix_user domain on page 48 Provides the properties for a default UNIXuser. Requires a token to have both aprimary UID and GID.

options options on page 48 Properties for options.

user1 domain on page 48 Properties for the primary user.

user2 domain on page 48 Properties for the secondary user.

Auth mapping users lookup resourceThis resource enables user look ups.

Operation Method and URI- -Lookup a user through the user mapper GET /platform/1/auth/mapping/

users/lookup

View the detailed JSON schema forauthentication mapping users lookup

GET /platform/1/auth/mapping/users/lookup?describe

Query parametersuser

The user to lookup.

zone

The name of the zone that is serving the request.

uid

The system generated user ID.

gid

The system generated group ID.

primary_gid

The primary group ID.

Object properties


mapping user on page 46 Properties for user look ups.

Auth providers summary resourceThis resource returns summary information for authentication providers.

Operation Method and URI- -Get the authentication providers summary GET /platform/1/auth/providers/

summary



Operation Method and URI- -View the detailed JSON schema forauthentication providers summary

GET /platform/1/auth/providers/summary?describe


Object properties


id string Provides the ID of the provider.

active_server string Provides the server that the provider serves authenticationrequests with. Null if no server is set or is not applicable for thatprovider.

forest string Provides the Active Directory forest. Null if not applicable.

site string Provides the Active Directory site name. Null if not applicable.

name string Provides the name of the provider.

status string Indicates the online and active state of the provider.

type string Provides the type of the provider.

Auth ADS providers resourceThis resource applies the standard collection pattern to individual Active Directory service(ADS) providers.

Operation Method and URI- -Get one ADS provider GET /platform/1/auth/providers/

ads/<provider-id>

Get all ADS providers GET /platform/1/auth/providers/ads

Join a domain POST /platform/1/auth/providers/ads

Modify an ADS provider PUT /platform/1/auth/providers/ads/<provider-id>

Leave a domain DELETE /platform/1/auth/providers/ads/<provider-id>

View the detailed JSON schema for ADSproviders

GET /platform/1/auth/providers/ads/<domain>?describe

Query parametersscope


Auth ADS providers resource 27

If this parameter is specified as effective, or if it is not specified, all fields are shown.If the parameter is specified as user, only fields with non-default values are shown. Ifthe parameter is specified as default, the default values are returned.

Object properties


allocate_gids Boolean Allocates a GID for an unmapped ADS group.

allocate_uids Boolean Enables allocation of a UID for an unmappedADS user.

assume_default_domain Boolean Enables lookup of unqualified user names inthe primary domain.

authentication Boolean Enables use of the provider for authenticationand identity.

check_online_interval integer Specifies the time between provider onlinechecks.

controller_time integer Provides the current time of the domaincontroller.

create_home_directory Boolean Creates a home directory on the first login.

domain_offline_alerts Boolean Sends an alert when the domain goes offline.

forest string Provides the ADS forest.

home_directory_template string Specifies the home directory template path.

hostname string Provides the fully qualified hostname that isstored in the machine account.

id string Specifies the ID of the provider instance.

ignore_all_trusts Boolean Ignores all trusted domains.

ignored_trusted_domains Boolean Includes trusted domains whenignore_all_trusts is set to false.

include_trusted_domains Boolean Includes trusted domains whenignore_all_trusts is set to true.

ldap_sign_and_seal Boolean Uses encryption and signing on LDAP requests.

login_shell string Sets the login shell path.

lookup_domains string Limits user and group lookup to the specifieddomains.

lookup_groups Boolean Looks up ADS groups in other providers beforeallocating a GID.

lookup_normalize_groups Boolean Normalizes ADS group names to lowercasebefore lookup.

lookup_normalize_users Boolean Normalizes ADS user names to lowercasebefore lookup.




lookup_users Boolean Looks up ADS users in other providers beforeallocating a UID.

machine_account string Provides the SAM account name of themachine account.

machine_password_lifespan integer Sets the maximum age of a password.

name string Specifies the ADS provider name.

netbios_domain string Provides the NetBIOS domain name associatedwith the machine account.

nss_enumeration Boolean Enables the ADS provider to respond togetpwent and getgrent requests.

primary_domain string Provides the primary domain name.

sfu_support string Specifies whether to support RFC 2307attributes on ADS domain controllers.

site string Provides the ADS site.

status string Provides the status of the provider.

store_sfu_mappings Boolean Stores the SFU mappings permanently in the IDmapper.

system Boolean Indicates that the provider instance wascreated by OneFS and cannot be removed.

Auth ADS providers domains resourceThis resource applies the standard collection pattern to Active Directory service (ADS)domains.

Operation Method and URI- -Get all ADS provider's trusted domains GET /platform/1/auth/providers/

ads/<id>/domains

Get one ADS provider's trusted domain GET /platform/1/auth/providers/ads/<id>/domains/<ads-domain>

View the detailed JSON schema forauthentication providers ADS domains

GET /platform/1/auth/providers/ads/<id>/domains?describe


Object properties


dc_address string Provides the address for the domain controller.


Auth ADS providers domains resource 29


dc_name string Provides the name for the domain controller.

dc_site string Provides the site for the domain controller.

domain string Provides the name of the domain.

guid string Provides the group and user ID for the domain.

id string Provides a unique identifier for every domain returned.

netbios_name string Provides the NetBIOS name for the domain.

sid string Provides the security ID for the domain.

site string Provides the site for the domain.

status string Indicates whether the domain is online or offline.

trust_type string Specifies the type of trust with the domain. Options consist ofprimary, unknown, external, and forest.

Auth ADS providers controllers resourceThis resource applies the standard collection pattern to Active Directory service (ADS)controllers.

Operation Method and URI- -Get all domain controllers for a trusteddomain

GET /platform/1/auth/providers/ads/<domain-id>/controllers

View the detailed JSON schema forauthentication providers ADS controllers

GET /platform/1/auth/providers/ads/<domain-id>/controllers?describe

Query parameters

ParametersThere are no parameters for this resource.

Object properties


dc_address string Provides the address for the domain controller.

dc_name string Provides the name for the domain controller.

id string Provides the name for the domain controller.



Auth ADS providers search resourceThis resource performs searches within Active Directory service (ADS) providers.

Operation Method and URI- -Get objects that are searchable in domains GET /platform/1/auth/providers/

ads/<object>/search

View the detailed JSON schema forauthentication providers ADS search

GET /platform/1/auth/providers/ads/<object>/search?describe

Query parametersdomain

The domain to search in.

user

The username for the domain, if untrusted.

password

The password for the domain, if untrusted.

filter

The filter to use when performing a search. The filter must be in the form of an LDAPquery.

description

An optional description to search for.

search_users

If true, search for users.

search_groups

If true, search for groups.

limit


resume


Object properties

Property Type Type


description string Provides the description returned from the ActiveDirectory server.

display_name string Provides the display name returned from theActive Directory server.

id persona on page45

Properties for the persona.


Auth ADS providers search resource 31

Auth file providers resourceThis resource applies the standard collection pattern to authentication file providers.

Operation Method and URI- -Get one file provider GET /platform/1/auth/providers/

file/<provider-id>

Get all file providers GET /platform/1/auth/providers/file

Create a file provider POST /platform/1/auth/providers/file

Modify a file provider PUT /platform/1/auth/providers/file/<provider-id>

Delete a file provider DELETE /platform/1/auth/providers/file/<provider-id>

View the detailed JSON schema forauthentication providers file

GET /platform/1/auth/providers/file?describe


If specified as effective, or unspecified, all fields are shown. If specified as user, onlyfields with non-default values are shown. If specified as default, the default valuesare returned.

Object properties


authentication Boolean Enables authentication and identification throughthe provider.

cache_entry_expiry integer Specifies the amount of time to cache a user orgroup.


enabled Boolean Enables the file provider.

enumerate_groups Boolean Enables providers to enumerate groups.

enumerate_users Boolean Enables providers to enumerate users.

findable_groups string Sets a list of groups that can be resolved.

findable_users string Sets a list of users that can be resolved.

group_domain string Provides the domain used to qualify groups for thisprovider.

group_file string Provides the location of the file that contains groupinformation.




home_diretory_template string Specifies the home directory template path.

id string Specifies the file provider ID.

listable_groups string Specifies groups that can be viewed in the provider.

listable_users string Specifies users that can be viewed in the provider.


modifiable_groups string Specifies groups that can be modified in theprovider.

modifiable_users string Specifies users that can be modified in theprovider.

name string Specifies the name of the file provider.

netgroup_file string Provides the path to a netgroups replacement file.

normalize_groups Boolean Normalizes the group name to lowercase beforelookup.

normalize_users Boolean Normalizes the user name to lowercase beforelookup.

ntlm_support string Specifies the supported NTLM version for userswith NTLM-compatible credentials.

password_file string Provides the location of the file that contains userinformation.

provider_domain string Specifies the domain for the provider.

restrict_findable Boolean Checks the provider for filtered lists of findable andunfindable users and groups.

restrict_listable Boolean Checks the provider for filtered lists of listable andunlistable users and groups.

restrict_modifiable Boolean Checks the provider for filtered lists of modifiableand unmodifiable users and groups.


system Boolean Indicates that the provider instance was created byOneFS and cannot be removed.

unfindable_groups string Specifies a group that cannot be resolved by theprovider.

unfindable_users string Specifies a user that cannot be resolved by theprovider.

unlistable_groups string Specifies a group that cannot be listed by theprovider.

unlistable_users string Specifies a user who cannot be listed by theprovider.


Auth file providers resource 33


unmodifiable_groups string Specifies a group that cannot be modified by theprovider.

unmodifiable_users string Specifies a user who cannot be modified by theprovider.

user_domain string Provides the domain used to qualify users for thisprovider.

Auth LDAP providers resourceThis resource applies the standard collection pattern to individual Lightweight DirectoryAccess Protocol (LDAP) authentication providers.

Operation Method and URI- -Get one LDAP provider GET /platform/1/auth/providers/

ldap/<provider-id>

Get all LDAP providers GET /platform/1/auth/providers/ldap

Create an LDAP provider POST /platform/1/auth/providers/ldap

Modify an LDAP provider PUT /platform/1/auth/providers/ldap/<provider-id>

Delete an LDAP provider DELETE /platform/1/auth/providers/ldap/<provider-id>

View the detailed JSON schema for LDAPauthentication providers

GET /platform/1/auth/providers/ldap/<provider-id>?describe


If specified as effective, or unspecified, all fields are shown. If specified as user, onlyfields with non-default values are shown. If specified as default, the default valuesare returned.

Object properties


authentication Boolean Enables authentication and identificationthrough the provider.

balance_servers Boolean Connects the provider to a random server.

base_dn string Sets the root of the tree in which tosearch for identities.

bind_dn string Sets a distinguished name that is usedwhen binding to LDAP servers.




bind_mechanism string Provides the bind mechanism to usewhen connecting to an LDAP server. Theonly supported value is simple.

bind_password string Sets a password for a distinguished namethat is used when binding to LDAPservers.

bind_timeout integer Sets a timeout in seconds when bindingLDAP servers.

cache_entry_expiry integer Specify the amount of time to cache auser or group

certificate_authority_file string Set the path to the root certificates file.

check_online_interval integer Specifies the time between the provideronline checks.

cn_attribute string Specifies the canonical name.

create_home_directory Boolean Creates a home directory on the firstlogin.

crypt_password_attribute string Sets a hashed password value.

email_attribute string Sets the LDAP email attribute.

enabled Boolean Enables the LDAP provider.

enumerate_groups Boolean Enables the LDAP provider to enumerategroups.

enumerate_users Boolean Enables the LDAP provider to enumerateusers.



gecos_attribute string Sets the LDAP GECOS attribute.

gid_attribute string Sets the LDAP GID attribute.

group_base_dn string Sets a distinguished name for the entrywhere LDAP searches for groups begins.

group_domain string Provides the domain used to qualifygroups for this provider.

group_filter string Sets the LDAP filter for group objects.

group_members_attribute string Sets the LDAP Group Members attribute.

group_search_scope string Defines the depth from the base DN toperform LDAP searches.

home_directory_template string Specifies the home directory templatepath.


Auth LDAP providers resource 35


homedir_attribute string Sets the LDAP Homedir attribute.

id string Specifies the ID of the LDAP provider.

ignore_tls_errors string Continues over secure connections, evenif the identity check fails.

listable_groups string Specifies groups that can be viewed inthe provider.

listable_users string Specifies users that can be viewed in theprovider.


name string Specifies the name of the LDAP provider.

name_attribute string Sets the LDAP UID attribute, which is usedas the login name.

netgroup_base_dn string Sets a distinguished name for the entrywhere LDAP searches for netgroupsbegins.

netgroup_filter string Sets the LDAP filter for netgroup objects.

netgroup_members_attribute string Sets the LDAP Netgroup Membersattribute.

netgroup_search_scope string Defines the depth from the base DN toperform LDAP searches.

netgroup_triple_attribute string Sets the LDAP Netgroup Triple attribute.

normalize_groups Boolean Normalizes group names to lowercasebefore lookup.

normalize_users Boolean Normalizes user names to lowercasebefore lookup.

nt_password_attribute string Setsthe LDAP NT Password attribute.

ntlm_support string Specifies the supported NTLM version forusers with NTLM-compatible credentials.

provider_domain string Specifies the provider domain.

require_secure_connection Boolean Specifies whether to continue over a non-TLS connection.

restrict_findable Boolean Checks the provider for filtered lists offindable and unfindable users andgroups.

restrict_listable Boolean Checks the provider for filtered lists oflistable and unlistable users and groups.

search_scope string Defines the default depth from the baseDN to perform LDAP searches.




search_timeout integer Sets the search timeout period.

server_uris string Sets the server URIs.

shell_attribute string Sets the LDAP shell attribute.


system Boolean Indicates that the provider instance wascreated by OneFS and cannot beremoved.

uid_attribute string Sets the LDAP UID Number attribute.

unfindable_groups string Specifies groups that cannot be resolvedby the provider.

unfindable_users string Specifies users who cannot be resolvedby the provider.

unique_group_members_attribute string Sets the LDAP Unique Group Membersattribute.

unlistable_groups string Specifies a group that cannot be listed bythe provider.

unlistable_users string Specifies a user who cannot be listed bythe provider.

user_base_dn string Sets a distinguished name for the entrywhere LDAP searches for users begins.

user_domain string Provides the domain used to qualify usersfor this provider.

user_filter string Sets the LDAP filter for user objects.

user_search_scope string Defines the depth from the base DN toperform LDAP searches.

Auth local providers resourceThis resource applies the standard collection pattern to local authentication providers.

Operation Method and URI- -Get one local provider GET /platform/1/auth/providers/

local/<file-id>

Get all local providers GET /platform/1/auth/providers/local

Create a local provider POST /platform/1/auth/providers/local

Modify a local provider PUT /platform/1/auth/providers/local/<file-id>


Auth local providers resource 37

Operation Method and URI- -Delete a local provider DELETE /platform/1/auth/

providers/local/<file-id>

View the detailed JSON schema for localauthentication providers local

GET /platform/1/auth/providers/local?describe


If this parameter is specified as effective, or if it is not specified, all export fields areshown. If this parameter is specified as user, only fields with non-default values areshown. If this parameter is specified as default, the original values are returned.

Object properties





id string Specifies the ID for the local provider.

lockout_duration integer Sets the length of time in seconds that an accountis inaccessible after multiple failed login attempts.

lockout_threshold integer Sets the number of failed login attemptsnecessary for an account to be locked out.

lockout_window integer Sets the time in seconds in whichlockout_threshold failed attempts must be madefor an account to be locked out.


machine_name string Specifies the Active Directory account name forthe machine.

max_password_age integer Sets the maximum password age in seconds.

min_password_age integer Sets the minimum password age in seconds.

min_password_length integer Sets the minimum password length.

name string Specifies the name of the local provider.

password_prompt_time integer Specifies time in seconds remaining before beingprompted to change the password.


system Boolean Indicates that the provider instance was createdby OneFS and cannot be removed.



Auth NIS providers resourceThis resource applies the standard collection pattern to Network Information Service (NIS)authentication providers.

Operation Method and URI- -Get one NIS provider GET /platform/1/auth/providers/

nis/<nis-name>

Get all NIS providers GET /platform/1/auth/providers/nis

Create an NIS provider POST /platform/1/auth/providers/nis

Modify an NIS provider PUT /platform/1/auth/providers/nis/<nis-name>

Delete an NIS provider DELETE /platform/1/auth/providers/nis/<nis-name>

View the detailed JSON schema for NISauthentication providers

GET /platform/1/auth/providers/nis?describe



Object properties



balance_servers Boolean Enables the provider to connect to a randomserver.

cache_entry_expiry integer Specifies the amount of time in seconds to cachea user or group.

check_online_interval integer Specifies the amount of time in seconds betweenprovider online checks.

create_home_directory integer Creates a home directory on first login.

enabled Boolean Enables the NIS provider.

enumerate_groups Boolean Enables the provider to enumerate groups.

enumerate_users Boolean Enables the provider to enumerate users.



Auth NIS providers resource 39



group_domain string Provides the domain used to qualify groups forthis provider.


hostname_lookup Boolean Enables host name lookups.

id string Specifies the NIS provider ID.

listable_groups string Specifies groups that can be viewed in theprovider.

listable_users string Specifies users that can be viewed in the provider.


name string Specifies the NIS provider name.

nis_domain string Specifies the NIS domain name.

normalize_groups Boolean Normalizes the group name to lowercase beforelookup.

normalize_users Boolean Normalizes the user name to lowercase beforelookup.

ntlm_support string Specifies the NTLM version for users with NTLM-compatible credentials.

provider_domain string Specifies the provider domain.

request_timeout integer Specifies the request timeout interval in seconds.

restrict_findable Boolean Checks the provider for filtered lists of findableand unfindable users.

restrict_listable Boolean Checks the provider for filtered lists of listable andunlistable users.

retry_time integer Sets timeout period in seconds after which arequest is retried.

servers string Provides a list of NIS servers to be used by thisprovider.

check_online_interval integer Specifies the amount of time in seconds betweenprovider online checks.


system string Indicates that the provider instance was createdby OneFS and cannot be removed.

unfindable_groups string Specifies a group that cannot be resolved by theprovider.

unfindable_users string Specifies a user that cannot be resolved by theprovider.




unlistable_groups string Specifies a group that cannot be listed by theprovider.

unlistable_users string Specifies a user that cannot be resolved by theprovider.

user_domain string Provides the domain used to qualify users for thisprovider.

ypmatch_using_tcp Boolean Uses TCP for YP match operations.

Auth roles resourceThis resource applies the standard collection pattern to roles.

Operation Method and URI- -Get one role GET /platform/1/auth/roles/<role-

id>

Get all roles GET /platform/1/auth/roles

Create a role POST /platform/1/auth/roles

Modify a role PUT /platform/1/auth/roles/<role-id>

Delete a role DELETE /platform/1/auth/roles/<role-id>

View the detailed JSON schema forauthentication roles

GET /platform/1/auth/roles?describe

Query parametersresolve_names

Filters users by zone.

resume

Continue returning results from the previous call (cannot be used with other options).

Object properties



roles roles on page 48 Properties for roles.


Auth roles resource 41

Auth roles members resourceThis resource applies the standard collection pattern to members of roles.

Operation Method and URI- -Get the members of a role GET /platform/1/auth/roles/

<member-id>/members

Add a member to a role POST /platform/1/auth/roles/<member-id>/members

Remove a member from a role DELETE /platform/1/auth/roles/<member-id>/members/<persona-id>

View the detailed JSON schema forauthentication roles members

GET /platform/1/auth/roles/<member-id>/members?describe

Query parametersresolve_names

Resolves the names of personas.

Object properties


members persona on page 45 Properties for users or groups that have this role.

Auth roles privileges resourceThis resource applies the standard collection pattern to the privileges that belong to arole.

Operation Method and URI- -Get the privileges of a role GET /platform/1/auth/roles/<id>/

privileges

Add a privilege to a role POST /platform/1/auth/roles/<id>/privileges

Remove a privilege from a role DELETE /platform/1/auth/roles/<id>/privileges/<privilege-id>

View the detailed JSON schema forauthentication roles privileges

GET /platform/1/auth/roles/<id>/privileges?describe

Query parametersresume

Continue returning results from the previous call (cannot be used with other options).



Object properties



privileges privilege on page 45 Properties for the privileges granted by this role.

Auth global settings resourceThis resource contains global authentication settings.

Operation Method and URI- -Get global settings GET /platform/1/auth/settings/

global

Modify global settings PUT /platform/1/auth/settings/global

View the detailed JSON schema for globalsettings for authentication

GET /platform/1/auth/settings/global?describe



Object properties


alloc_retries integer Sets the number of times to retry an ID allocationbefore failing.

cache_cred_lifetime integer Sets the length of time in seconds to cache credentialresponses from the ID mapper.

cache_id_lifetime integer Sets the length of time in seconds to cache IDresponses from the ID mapper.

gid_range_enabled Boolean Enables the use of a fixed range for allocating a GID.

gid_range_max integer Specifies the ending number for allocating a GID.

gid_range_min integer Specifies the starting number for allocating a GID.

gid_range_next integer Specifies the next GID to be allocated.

group_uid integer Provides the UID to use when the kernel must retrievea UID for a group.

load_providers array Controls which providers are loaded by theauthentication daemon (lsassd).


Auth global settings resource 43


min_mapped_rid integer Starts RID in the local domain to map a UID and a GID.

null_gid integer Provides the alternative GID to use when the kernel isunable to retrieve a GID for a persona.

null_uid integer Provides the alternative UID to use when the kernel isunable to retrieve a UID for a persona.

on_disk_identity string Specifies the type of identity that is stored on disk.

rpc_block_time integer Provides the minimum amount of time in millisecondsto wait before performing an oprestart.

rpc_max_requests integer Provides the maximum number of outstanding RPCrequests.

rpc_timeout integer Provides the maximum amount of time in seconds towait for an idmap response.

send_ntlmv2 Boolean Specifies whether to send NTLMv2 responses.

space_replacement string Sets space replacement character.

system_gid_threshold integer Provides the minimum GID to attempt to lookup in theidmap database.

system_uid_threshold integer Provides the minimum UID to attempt to lookup in theidmap database.

uid_range_enabled Boolean Enables a fixed range for allocating UIDs.

uid_range_max integer Specifies the ending number for allocating a UID.

uid_range_min integer Specifies the starting number for allocating a UID.

uid_range_next integer Specifies the next UID to allocate.

unknown_gid integer Specifies the GID to use for an unknown oranonymous group.

unknown_uid integer Specifies the UID to use for an unknown oranonymous user.

workgroup string Sets the NetBIOS workgroup or domain.

Auth shells resourceThis resource returns the list of supported shells.

Operation Method and URI- -Get a list of the possible values for user shells GET /platform/1/auth/shells

View the detailed JSON schema forauthentication shells

GET /platform/1/auth/shells?describe




Object properties


shells string Provides a list of supported shells.

Auth wellknowns resourceThis resource applies the standard collection pattern to wellknown personas.

Operation Method and URI- -Get wellknown SIDs GET /platform/1/auth/wellknowns

View the detailed JSON schema forauthentication wellknown SIDs

GET /platform/1/auth/wellknowns?describe


Object properties

Property Type Type

persona persona on page 45 Properties for the persona.

Persona propertiesObject properties for personas.


id string Provides the serialized form of the persona (such as 'UID:0','USER:name', 'GID:0', 'GROUP:wheel', 'SID:S-1-1').

name string Provides the persona name, which must be combined with a type.

type string Provides the type of persona, which must be combined with a name.

Privilege propertiesObject properties for privileges.


id string Provides the ID of the privilege.

name string Provides the name of the privilege.

read-only Boolean True if the privilege is read-only.


Auth wellknowns resource 45

Groups propertiesObject properties for groups.


dn string Provides the distinguished name for the user.

dns_domain string Provides the DNS domain for the object.

domain string Provides the domain of the group.

generated_gid boolean Indicates if the GID was generated.

gid persona on page45


id string Provides the system ID given to the user orgroup. In a POST request, this value refers tothe item in the collection item resource path.

member_of persona on page45

Properties for groups that this user or groupare members of.

name string Provides a user or group name.

provider string Specifies an authentication provider.

sam_account_name string Provides a user or group name.

sid persona on page45

Properties for the security identifier.

type string Indicates the object type.

Users propertiesObject properties for users.


dn string Provides the distinguished name forthe user.

dns_domain string Provides the DNS domain of the object.

domain string Provides the domain of the group.

email string Specifies an email address.

enabled Boolean True if the user is enabled.

expired Boolean True if the password for the user hasexpired.

expiry integer Provides the alternative name to createfor each snapshot.

gecos string Sets the GECOS value, which is usuallythe full name.




generated_gid Boolean Indicates if the GID was generated.

generated_uid Boolean Indicates if the UID was generated.

gid persona onpage 45


home_directory string Specifies the home directory for theuser.

id string Provides the system ID given to theuser or group. In a POST request, thisvalue is the ID that refers to the item inthe collection item resource path.

locked Boolean Specifies if the account is locked.

max_password_age integer Provides the maximum age in secondsallowed for the password before thepassword expires.

member_of persona onpage 45

Properties for groups that this user orgroup are members of.

name string Provides a user or group name.

password_expired Boolean Specifies whether the password hasexpired.

password_expires Boolean Specifies whether the password isallowed to expire.

password_last_set integer Specifies the last time the passwordwas set.

primary_group_sid persona onpage 45

Properties for the security ID of theprimary group for the user.

prompt_password_change Boolean Prompts a password change for theuser at the next log in.

provider string Specifies an authentication provider.

sam_account_name string Provides a user or group name.

shell string Sets the path to the shell for the user.

sid persona onpage 45

Properties for the security identifier.

type string Indicates the object type.

uid persona onpage 45

Properties for the user ID.

upn string Provides the principal name for theuser.


Users properties 47


user_can_change_password Boolean Specifies whether the password for theuser can be changed.

Domain propertiesObject properties for domains.


domain integer Provides the domain name.

user string Provides the user name for the domain.

Option propertiesObject properties for options.

Create rules for specified users. For example, &= for join a group, ++ for append a group,-- for remove a group.


break Boolean Stops processing further rules and immediatelycreates a final token if a rule is applied successfully.

default_user domain on page48

Substitutes this user if the second user in a rule isnot found.

group Boolean Specifies that the primary GID and primary group SIDare copied to the existing credential.

groups domain on page48

Specifies that all additional identifies are copied tothe existing credential.

user domain on page48

Maps users in the format of domain\user(n), where nis the user number. For example, user1.

Roles propertiesObject properties for roles.


id string Provides the ID of the role.

name string Provides the name of the role.

members persona on page 45 Properties for users or groups that have this role.

privileges privilege on page 45 Properties for the privileges granted by this role.



CHAPTER 4

NFS resources

These resources allow users to retrieve, create, modify, or delete NFS exportconfigurations and settings.

u NFS exports summary resource..............................................................................50u NFS export resource..............................................................................................50u NFS NLM locks resource........................................................................................51u NFS NLM lock waiters resource..............................................................................52u NFS NLM sessions resource...................................................................................53u NFS default export settings resource.....................................................................53u NFS global settings resource.................................................................................56u NFS exports configuration check resource.............................................................57u NFS reload resource..............................................................................................57u NFS export properties............................................................................................58u NLM locks properties.............................................................................................61u NLM waiter properties...........................................................................................61u NLM session properties.........................................................................................62u NFS map properties...............................................................................................62

NFS resources 49

NFS exports summary resourceThis resource returns summary information for NFS exports.

Operations Method and URI- -Get the NFS exports summary GET /platform/1/protocols/nfs/exports-

summary

View the detailed JSON schema for theNFS exports summary

GET /platform/1/protocols/nfs/exports-summary?describe


Object properties


count integer Provides the total number of exports in the system.

NFS export resourceThis resource applies the standard collection pattern to NFS exports.

Operation Method and URI- -Get one NFS export GET /platform/1/protocols/nfs/exports/

<export-id>

Get a list of NFS exports GET /platform/1/protocols/nfs/exports

Create an NFS export POST /platform/1/protocols/nfs/exports

Modify an NFS export PUT /platform/1/protocols/nfs/exports

Delete an NFS export DELETE /platform/1/protocols/nfs/exports/<export-id>

View the detailed JSON schema forNFS exports

GET /platform/1/protocols/nfs/exports?describe

View the detailed JSON schema for asingle NFS exports object

GET /platform/1/protocols/nfs/exports/<export-id>?describe

Query parameterssort

Order results by this field. The default sort value is id.

dir

The sort order direction are ascending (ASC) or descending (DESC). The defaultsetting is ascending.

check

Check for conflicts when listing exports.

scope

NFS resources


If this parameter is specified as effective, or if it is unspecified, all export fields areshown. If this parameter is specified as user, only fields with non-default values areshown.

force

Override client and username conflicts or errors when creating or modifying anexport.

limit


resume

Continue returning results from previous requests (cannot be used with otherparameters).

Object properties


total integer Provides the total number of exports configured.


exports exports on page 58 Properties for a single export.

NFS NLM locks resourceThis resource applies the standard collection pattern to NFS Network Lock Manager (NLM)advisory locks.

Operation Method and URI- -Get a list of NFS advisory locks GET /platform/1/protocols/nfs/nlm/locks

View the detailed JSON schema forNLM locks on NFS

GET /platform/1/protocols/nfs/nlm/locks?describe


Order results by this field.

dir

Direction for the sort order is ascending (ASC) or descending (DESC). The defaultsetting is ascending.

limit


resume

Continue returning results from previous request (cannot be used with otherparameters).

NFS resources

NFS NLM locks resource 51

Object properties


total integer Provides the total number of locks available.


locks locks on page 61 Properties for NLM locks.

NFS NLM lock waiters resourceThis resource applies the standard collection pattern to NFS Network Lock Manager (NLM)lock waiters.

Operation Method and URI- -Get a list of NLM lock waiters on NFS GET /platform/1/protocols/nfs/nlm/

waiters

View the detailed JSON schema forNLM lock waiters on NFS

GET /platform/1/protocols/nfs/nlm/waiters?describe



dir

Direction for the sort order are ascending (ASC) or descending (DESC). The defaultsetting is ascending.

limit


resume


Object properties


total integer Provides the total number of lock waiters available.


waiters waiters on page 61 Properties for NFS NLM lock waiters.

NFS resources


NFS NLM sessions resourceThis resource applies the standard collection pattern to NFS Network Lock Manager (NLM)sessions.

Operation Method and URI- -Get a list of NFS NLM sessions GET /platform/1/protocols/nfs/nlm/sessions

Delete an NFS NLM session DELETE /platform/1/protocols/nfs/nlm/sessions/<session-id>

View the detailed JSON schema forNFS NLM sessions

GET /platform/1/protocols/nfs/nlm/sessions?describe

View the detailed JSON schema foran NFS NLM session

GET /platform/1/protocols/nfs/nlm/sessions/<session-id>?describe



dir

Direction for the sort order are ascending (ASC) or descending (DESC). The defaultsetting is ascending.

limit


resume


Object properties


total integer Provides the total number of sessions to display.


sessions sessions on page 62 Properties for a single share.

NFS default export settings resourceThis resource applies the standard system object pattern to default NFS export settings.These settings are applied to all new exports, unless otherwise specified.

Operation Method and URI- -Get default NFS export settings GET /platform/1/protocols/nfs/settings/

export

Modify default NFS export settings PUT /platform/1/protocols/nfs/settings/export

NFS resources

NFS NLM sessions resource 53

Operation Method and URI- -View the detailed JSON schema fordefault NFS export settings

GET /platform/1/protocols/nfs/settings/export?describe


When specified as effective, or not specified, all fields are returned. When specifiedas user, only fields with non-default values are shown. When specified as default, theoriginal values are returned.

Object properties


all_dirs Boolean True if all directories under the specified pathsare mountable.

block_size integer Provides the block size returned by the NFSstatfs call. This value is used to advise the clientof optimal settings for the server, but is notenforced.

can_set_time Boolean True if the client may set file times using the NFSset attribute request. When set to false, theserver ignores the setting and behaves as if thevalue is set to true. This value is used to advisethe client of optimal settings for the server, but isnot enforced.

commit_asynchronous Boolean True if NFS commit requests executeasynchronously.

directory_transfer_size integer Provides the preferred size for directory readoperations. This value is used to advise theclient of optimal settings for the server, but is notenforced.

encoding string Provides the default character set encoding ofthe clients connecting to the export, unlessotherwise specified.

map_lookup_uid Boolean True if incoming UIDs are mapped to users in theOneFS user database. When set to false,incoming UIDs are applied directly to fileoperations.

map_retry Boolean Determines whether searches for the usersspecified in map_all or map_root are retried ifthe search fails.

map_all map onpage 62

Provides the users and groups that are mappedto non-root clients.

NFS resources



map_full Boolean True if user mappings query the OneFS userdatabase. When set to false, user mappingsquery only local authentication.

map_root map onpage 62

Provides the users and groups that are mappedto root clients.

max_file_size integer Provides the maximum file size for any fileaccessed from the export.

read_only Boolean True if the export is read-only.

readdirplus Boolean True if readdirplus requests are enabled.Enabling this property may improve networkperformance and is available only for NFSv3.

readdirplus_prefetch integer Sets the number of directory entries that areprefetched when a readdirplus request isprocessed.

return_32bit_file_ids Boolean Limits the size of file identifiers returned byNFSv3+ to 32-bit values.

read_transfer_max_size integer Provides the maximum buffer size that clientsshould use on NFS read requests. This value isused to advise the client of optimal settings forthe server, but is not enforced.

read_transfer_multiple integer Provides the preferred multiple size for NFS readrequests. This value is used to advise the clientof optimal settings for the server, but is notenforced.

read_transfer_size integer Provides the preferred size for NFS readrequests. This value is used to advise the clientof optimal settings for the server, but is notenforced.

security_flavors array Provides the authentication types that aresupported for this export.

setattr_asynchronous Boolean True if set attribute operations executeasynchronously.

symlinks Boolean True if symlinks are supported. This value isused to advise the client of optimal settings forthe server, but is not enforced.

time_delta integer Provides the resolution of all time values that arereturned to the client.

write_datasync_action string Provides the action to be taken when an NFSv3+datasync write is requested.

write_datasync_reply string Provides the stability disposition returned whenan NFSv3+ datasync write is processed.

NFS resources

NFS default export settings resource 55


write_filesync_action string Provides the action to be taken when an NFSv3+filesync write is requested.

write_filesync_reply string Provides the stability disposition returned whenan NFSv3+ filesync is processed.

write_unstable_action string Provides the action taken when an NFSx3+unstable write is processed.

write_unstable_reply string Provides the stability disposition returned whenan NFSv3+ unstable write is requested.

write_transfer_max_size integer Provides the maximum buffer size that clientsare recommended to use on NFS write requests.This value is used to advise the client of optimalsettings for the server, but is not enforced.

write_transfer_multiple integer Provides the preferred multiple size for NFS writerequests. This value is used to advise the clientof optimal settings for the server, but is notenforced.

write_transfer_size integer Provides the preferred size for NFS writerequests. This value is used to advise the clientof optimal settings for the server, but is notenforced.

NFS global settings resourceThis resource applies the standard system object pattern to global NFS settings.

Operation Method and URI- -Get default NFS export settings GET /platform/1/protocols/nfs/settings/

global

Modify default NFS exportsettings

PUT /platform/1/protocols/nfs/settings/global

View the detailed JSON schemafor global NFS exports

GET /platform/1/protocols/nfs/settings/global?describe


When specified as effective, or not specified, all fields are returned. When specifiedas user, only fields with non-default values are shown. When specified as default, theoriginal values are returned.

Object properties


service Boolean Enables the NFS service. When set to false, disables the NFSservice.

NFS resources



nfsv2_enabled Boolean Enables NFSv2. When set to false, disables NFSv2.



nfsv4_domain string Provides the domain used to associate users and groups.

lock_protection integer Provides the number of nodes that can fail in the clusterwithout losing lock functionality.

rpc_minthreads integer Provides the minimum number of threads in the nfsd threadpool.

rpc_maxthreads integer Provides the maximum number of threads in the nfsd threadpool.

NFS exports configuration check resourceThis resource returns information on the status and validity of current NFS exports. Eachexport with an error is reported along with the first error encountered during the check.

Operation Method and URI- -Check NFS exports for configuration errors GET /platform/1/protocols/nfs/check

View the detailed JSON schema for NFSexports configuration check

GET /platform/1/protocols/nfs/check?describe


Object properties


id string Provides the system ID given to the export. In a POST request, thisvalue is the ID that refers to the item in the collection item resourcepath.

message string Provides a description of the conflict or error encountered.

NFS reload resourceThis resource is used to reload cached export information. The netgroup cache is updatedagainst the remote provider and hosts are updated against the DNS if the time to live(TTL) has expired. Netgroups are automatically refreshed on an interval specified by thenetgroup expiration option. DNS hosts are intermittently refreshed. Local exportinformation, such as options specified with exports create or exports modify, is updatedimmediately following the action.

NFS resources

NFS exports configuration check resource 57

Operation Method and URI- -Reload NFS exports POST /platform/1/protocols/nfs/

reload

View the detailed JSON schema for NFSexport reload

GET /platform/1/protocols/nfs/reload?describe


Object propertiesThere are no properties for this resource.

NFS export propertiesObject properties for NFS exports.


id integer Provides the system ID given to the export. In aPOST request, this value is the ID that refers tothe item in the collection item resource path.

description string Provides the user defined string that is used toidentify the export.

paths string Provides the paths under /ifs that are exported.

force string True if the export is created, even when inconflict with another export, path, client, or user.

clients string Provides the clients with access to the export.

root_clients array Provides the clients with root access to theexport.

read_only_clients array Provides the clients with read-only access to theexport.

read_write_clients array Provides the clients with both read and writeaccess to the export, even when the export is setto read-only.

unresolved_clients array Provides the clients that cannot be resolved byhostname to an IP address.

conflicting_paths string Provides the paths that conflict with anotherexport.

all_dirs Boolean True if all directories under the specified pathsare mountable.

block_size integer Provides the block size returned by the NFSstatfs procedure. This value is used to advise theclient of optimal settings for the server, but isnot enforced.

NFS resources



can_set_time Boolean True if the client may set file times using the NFSset attribute request. When set to false, theserver ignores the setting and behaves as if thevalue is set to true. This value is used to advisethe client of optimal settings for the server, butis not enforced.

commit_asynchronous Boolean True if NFS commit requests executeasynchronously.

directory_transfer_size integer Provides the preferred size for directory readoperations. This value is used to advise theclient of optimal settings for the server, but isnot enforced.

encoding string Provides the default character set encoding ofthe clients connecting to the export, unlessotherwise specified.

map_lookup_uid Boolean True if incoming UIDs are mapped to users in theOneFS user database. When set to false,incoming UIDs are applied directly to fileoperations.

map_retry Boolean Determines whether searches for the usersspecified in map_all or map_root are retried ifthe search fails.

map_all map onpage 62

Provides the users and groups that are mappedto non-root clients.

map_full Boolean True if user mappings query the OneFS userdatabase. When set to false, user mappings onlyquery local authentication.

map_root map onpage 62

Provides the users and groups that are mappedto root clients.

max_file_size integer Provides the maximum file size for any fileaccessed from the export.

read_only Boolean True if the export is read-only.

readdirplus Boolean True if readdirplus requests are enabled.Enabling this property may improve networkperformance and is only available for NFSv3.

readdirplus_prefetch integer Sets the number of directory entries that areprefetched when a readdirplus request isprocessed.

return_32bit_file_ids Boolean Limits the size of file identifiers returned byNFSv3+ to 32-bit values.

read_transfer_max_size integer Provides the maximum buffer size that clientsshould use on NFS read requests. This value is

NFS resources

NFS export properties 59


used to advise the client of optimal settings forthe server, but is not enforced.

read_transfer_multiple integer Provides the preferred multiple size for NFS readrequests. This value is used to advise the clientof optimal settings for the server, but is notenforced.

read_transfer_size integer Provides the preferred size for NFS readrequests. This value is used to advise the clientof optimal settings for the server, but is notenforced.

security_flavors array Provides the authentication flavors, or types,that are supported for this export.

setattr_asynchronous Boolean True if set attribute operations executeasynchronously.

symlinks Boolean True if symlinks are supported. This value isused to advise the client of optimal settings forthe server, but is not enforced.

time_delta integer Provides the resolution of all time values that arereturned to the client.

write_datasync_action string Provides the action to be taken when an NFSv3+datasync write is requested.

write_datasync_reply string Provides the stability disposition returned whenan NFSv3+ datasync write is processed.

write_filesync_action string Provides the action to be taken when an NFSv3+filesync write is requested.

write_filesync_reply string Provides the stability disposition returned whenan NFSv3+ filesync is processed.

write_unstable_action string Provides the action taken when an NFSx3+unstable write is processed.

write_unstable_reply string Provides the stability disposition returned whenan NFSv3+ unstable write is requested.

write_transfer_max_size integer Provides the maximum buffer size that clientsshould use on NFS write requests. This value isused to advise the client of optimal settings forthe server, but is not enforced.

write_transfer_multiple integer Provides the preferred multiple size for NFS writerequests. This value is used to advise the clientof optimal settings for the server, but is notenforced.

write_transfer_size integer Provides the preferred size for NFS writerequests. This value is used to advise the client

NFS resources



of optimal settings for the server, but is notenforced.

NLM locks propertiesObject properties for NLM locks.


id string Provides the system ID given to the lock. In a POST request, thisvalue is the ID that refers to the item in the collection item resourcepath.

client string Provides the client host name and IP address.

client_id string Provides the client ID.

lock_type string Provides the type of lock.

range integer Provides the byte range within the locked file.

path string Provides the path under /ifs that is locked.

created integer Provides the UNIX Epoch time the lock was created.

lin string Provides the LIN in /ifs that is locked.

NLM waiter propertiesObject properties for NLM waiters.










NFS resources

NLM locks properties 61

NLM session propertiesObject properties for NLM waiters.










NFS map propertiesObject properties for map all and map root.


groups string Provides the name of the group that non-root clients are mapped to.

user string Provides the name of the user that non-root clients are mapped to.

NFS resources


CHAPTER 5

SMB resources

These resources allow users to retrieve, create, modify, or delete SMB shareconfigurations and settings.

u SMB shares summary resource.............................................................................64u SMB shares resource.............................................................................................64u SMB open files resource........................................................................................65u SMB sessions resource.........................................................................................66u SMB share settings resource.................................................................................67u SMB global settings resource................................................................................69u Share properties...................................................................................................70u Run as root properties...........................................................................................72u Permissions properties..........................................................................................73u Trustee properties.................................................................................................73u Open files properties.............................................................................................73u Sessions properties..............................................................................................73

SMB resources 63

SMB shares summary resourceThis resource returns summary information for SMB shares.

Operation Method and URI- -Get the SMB shares summary GET /platform/1/protocols/smb/shares-

summary

View the detailed JSON schema for theSMB shares summary

GET /platform/1/protocols/smb/shares-summary?describe

Query parametersThere are no query parameters for this resource.

Object properties


count integer Provides the total number of shares in the system.

SMB shares resourceThis resource applies the standard collection pattern to SMB shares.

Operation Method and URI- -Get a single SMB share GET /platform/1/protocols/smb/shares/

<share-name>

Get a list of SMB shares GET /platform/1/protocols/smb/shares

Create an SMB share POST /platform/1/protocols/smb/shares

Modify an SMB share PUT /platform/1/protocols/smb/shares/<share-name>

Delete an SMB share DELETE /platform/1/protocols/smb/shares/<share-name>

View the detailed JSON schema forSMB shares

GET /platform/1/protocols/smb/shares?describe

View the detailed JSON schema foran SMB share object

GET /platform/1/protocols/smb/shares/<share-name>?describe


Order results by this field. The default value is id.

dir

Directions for the sort order are ascending (ASC) or descending (DESC). The defaultsetting is ascending.

zone

An optionally named zone to use for user and group resolution.

SMB resources


scope

If this parameter is specified as effective, or if it is unspecified, all export fields areshown. If this parameter is specified as user, only fields with non-default values areshown. If this parameter is specified as default, the original values are returned.

resolve_names

When this parameter is set to true, the group and user names are resolved.

limit

Return no more than this many results at one time. (See resume.)

resume


Object properties


total integer Provides the total number of shares displayed.


share share on page 70 Properties for a single share.

SMB open files resourceThis resource returns a listing of all files that are currently open through SMB on thequeried node.

Operation Method and URI- -Get a list of files opened throughSMB

GET /platform/1/protocols/smb/openfiles

Close a file opened through SMB DELETE /platform/1/protocols/smb/openfiles/<file-id>

View the detailed JSON schema forSMB open files

GET /platform/1/protocols/smb/openfiles?describe

View the detailed JSON schema foran SMB open file object

GET /platform/1/protocols/smb/openfiles/<file-id>?describe


Order results by this field. The default value is id.

dir


limit


resume

SMB resources

SMB open files resource 65


Object properties


total integer Provides the total number of open files available.

resume string Provides the value for the resume argument to beused for continuation calls.

openfiles openfiles on page 73 Properties for SMB open files.

SMB sessions resourceThis resource returns a listing of all SMB sessions that are currently open on the queriednode.

Operation Method and URI- -Get a list of SMB sessions GET /platform/1/protocols/smb/sessions

Close an SMB session user DELETE /platform/1/protocols/smb/sessions/<computer>/<user>

Close an SMB session computer DELETE /platform/1/protocols/smb/sessions/<computer>

View the detailed JSON schemafor the SMB session

GET /platform/1/protocols/smb/sessions?describe

View the detailed JSON schemafor the SMB session user

GET /platform/1/protocols/smb/sessions/<computer>/<user>?describe

View the detailed JSON schemafor the SMB session computer

GET /platform/1/protocols/smb/sessions/<computer>?describe


Order results by this field. The default sort value is id.

dir


limit


resume


SMB resources


Object properties


total integer Provides the total number of sessions available.

resume string Provides the value for the resume argument to beused for continuation calls.

sessions sessions on page 73 Properties for SMB sessions.

SMB share settings resourceThis resource applies the standard system object pattern to default SMB share settings.

Operation Method and URI- -Get SMB share settings GET /platform/1/protocols/smb/settings/

share

Modify SMB share settings PUT /platform/1/protocols/smb/settings/share

View the detailed JSON schema forSMB share settings

GET /platform/1/protocols/smb/settings/share?describe



Object properties


allow_execute_always Boolean Enables users to execute files thatthey have read rights for.

strict_locking Boolean Specifies whether byte range lockscontend against SMB I/O.

hide_dot_files Boolean Hides files and directories that beginwith a period.

impersonate_guest string Specifies the condition in which useraccess is performed as the guestaccount.

strict_flush Boolean Determines whether the data isalways flushed to disk.

mangle_byte_start integer The starting value for the automaticbyte mangling range (in decimalnotation).

SMB resources

SMB share settings resource 67


directory_create_mask integer Specifies the permission bits (indecimal notation) that can be setwhen a directory is created.

directory_create_mode integer Specifies the permission bits that areset when a directory is created.

file_create_mask integer Specifies the permission bits (indecimal notation) that can be setwhen a file is created.

file_create_mode integer Specifies the permission bits that areset when a file is created.

create_permissions string Determines how permissions are setfor new files and directories in theSMB share.

mangle_map array Specifies the character mangle map.

impersonate_user string Specifies the user account to be usedas a guest account.

change_notify string Specifies the level of changenotification alerts on the SMB share.

oplocks Boolean Specifies whether or not to supportoplocks.

allow_delete_readonly Boolean Specifies whether read-only files inthe SMB share can be deleted.

ntfs_acl_support Boolean Supports NTFS Access Control List(ACL) on files and directories.

access_based_enumeration Boolean Enumerates only the files and foldersthat the requesting user has accessto, but does not apply to the rootdirectory of the share.

access_based_enumeration_root_only Boolean Specifies whether access-basedenumeration is used in the rootdirectory of the SMB share.

host_acl array Provides a list of hostnames,subnets, or IP addresses that areallowed or denied access to theshare. All of these types are allowedunless specifically denied. It isrecommended that a deny clause bethe final entry in the list.

SMB resources


SMB global settings resourceThis resource applies the standard system object pattern to the global SMB sharesettings.

Operation Method and URI- -Get the global SMB settings GET /platform/1/protocols/smb/settings/

global

Modify the global SMB settings PUT /platform/1/protocols/smb/settings/global

View the detailed JSON schema for theSMB share summary

GET /platform/1/protocols/smb/settings/global?describe


When specified as effective, or when not specified, all the fields are returned. Whenspecified as user, only the fields with non-default values are returned. Whenspecified as default, the original values are returned.

Object properties and structure


service Boolean Specifies whether the SMB service is enabled.

access_based_share_enum Boolean Enumerates only shares that the requesting userhas access to.

audit_fileshare string Specifies the level of file share audit events tolog.

audit_logon string Specifies the level of logon audit events to log.

dot_snap_accessible_child Boolean Enables access to .snapshot directories in SMBshare subdirectories. This property does notaffect the root directory of the SMB share.

dot_snap_accessible_root Boolean Enables access to the .snapshot directory in theroot of all the SMB shares.

dot_snap_visible_child Boolean Shows .snapshot directories in the SMB sharesubdirectories. This property does not affect theroot directory of the SMB share.

dot_snap_visible_root Boolean Shows the .snapshot directory in the root of allSMB shares.

enable_security_signatures Boolean Indicates whether the server supports signedSMB packets.

guest_user string Specifies the fully qualified username to use forguest access.

SMB resources

SMB global settings resource 69


ignore_eas Boolean Specifies whether to ignore extended attributes(EAs) on files.

onefs_cpu_multiplier integer Specifies the number of OneFS driver workerthreads per CPU.

onefs_num_workers integer Sets the maximum number of OneFS driverworker threads.

require_security_signatures Boolean Indicates whether the server requires signedSMB packets.

server_string string Provides a description of the server.

srv_cpu_multiplier integer Specifies the number of SRV service workerthreads per CPU.

srv_num_workers integer Sets the maximum number of SRV serviceworker threads.

support_netbios Boolean Specifies whether NetBIOS support is supportedon the server.

support_smb2 Boolean Specifies whether the SMB2 protocol issupported on the server.

Share propertiesObject properties for an SMB share.


run_as_root run as root onpage 72

Lists the personas to be runas root. The permissions forthe personas in this listoverride permissionsspecified elsewhere.

allow_execute_always Boolean Enables users to executefiles that they have readrights for.

strict_locking Boolean Specifies whether byterange locks contend withSMB I/O.

hide_dot_files Boolean Hides files and directoriesthat begin with a period.

impersonate_guest string Specifies the condition inwhich user access isperformed as the guestaccount.

strict_flush Boolean Determines whether thedata is always flushed todisk.

SMB resources



mangle_byte_start integer Provides the starting valuefor the automatic bytemangling range (in decimalnotation).

directory_create_mask integer Specifies the permissionbits (in decimal notation)that can be set when adirectory is created.

directory_create_mode integer Specifies the permissionbits that are set when adirectory is created.

file_create_mask integer Specifies the permissionbits (in decimal notation)that can be set when a file iscreated.

file_create_mode integer Specifies the permissionbits that are set when a fileis created.

create_permissions string Determines howpermissions are set for newfiles and directories in theSMB share.

mangle_map array Specifies the charactermangle map.

impersonate_user string Specifies the user accountto be used as a guestaccount.

change_notify string Specifies the level of changenotification alerts on theSMB share.

oplocks Boolean Specifies whether to supportoplocks.

allow_delete_readonly Boolean Specifies whether read-onlyfiles in the SMB share canbe deleted.

ntfs_acl_support Boolean Supports NTFS accesscontrol lists (ACLs) on filesand directories.

access_based_enumeration Boolean Enumerates only the filesand folders that therequesting user has accessto. This does not apply tothe root directory of theshare.

SMB resources

Share properties 71


access_based_enumeration_root_only Boolean Specifies whether access-based enumeration is usedin the root directory of theSMB share.

host_acl array Lists the hostnames,subnets, or IP addressesthat are allowed or deniedaccess to the share. Alltypes are allowed unlessspecifically denied. It isrecommended that a denyclause be the final entry inthe list.

inheritable_path_acl string Sets an inheritable ACL onthe SMB share path.

id string Provides the system ID givento the SMB share. In a POSTrequest, this value is the IDthat refers to the item in thecollection item resourcepath.

description string Describes the SMB share.

path string Provides the path of theSMB share within /ifs.

name string Provides the SMB sharename.

csc_policy string Provides the client-sidecaching policy for the SMBshares.

browsable Boolean Ensures that the SMB shareis visible in net view and inthe browse list.

permissions permissions onpage 73

Provides the ordered list ofpermission modifications.

Run as root propertiesObject properties for run as root.


id integer Provides the serialized form of the persona (such as 'UID:0','USER:name', 'GID:0', 'GROUP:wheel', 'SID:S-1-1').

name string Provides the persona name, which must be combined with type.

type string Provides the type of persona, which must be combined with name.

SMB resources


Permissions propertiesObject properties for permissions.


permission string Provides the file system rights that are to beallowed or denied.

permission_type string Specifies whether to allow or deny thepermission.

trustee trustee on page73

A persona that consists of either a type and aname or an id.

Trustee propertiesObject properties for trustees.



name string Provides the persona name, which must be combined with type.

type string Provides the type of persona, which must be combined with name.

Open files propertiesObject properties for open files.


id integer Provides the system ID given to the file. In a POST request, thisvalue is the ID used to refer to the item in the collection itemresource path.

file string Provides the path of the file within /ifs.

user string Provides the name of the user with the file opened.

locks integer Provides the number of locks the user holds on the file.

permissions string Provides the permissions on the file for the user.

Sessions propertiesObject properties for an SMB session.


id integer Provides the ID for the SMB session.

computer string Provides the internet address for the client.

user string Provides the local user name.

SMB resources

Permissions properties 73


client_type string Provides the client type.

openfiles integer Provides the number of files current opened by the client.

active_time integer Provides the number of seconds since the session started.

idle_time integer Provides the number of seconds since the last client operation.

guest_login Boolean When set to true, guests can log in.

encryption Boolean When set to true, the session is encrypted.

SMB resources


CHAPTER 6

Quota resources

These resources allow users to retrieve, create, modify, or delete SmartQuotasconfigurations and settings.

u Quota license resource..........................................................................................76u Quota summary resource......................................................................................76u Quotas resource....................................................................................................77u Quota quotas notification rules resource...............................................................78u Quota reports resource..........................................................................................79u Quota about reports resource................................................................................81u Quota report settings resource..............................................................................81u Quota default notifications rules resource.............................................................82u Quota mappings settings resource........................................................................83u Quotas properties.................................................................................................84u Persona properties................................................................................................85u Usage properties...................................................................................................86u Threshold properties.............................................................................................86

Quota resources 75

Quota license resourceThis resource retrieves license information for the SmartQuotas feature.

Operation Method and URI- -Get license information for a quota GET /platform/1/quota/license

View the detailed JSON schema for the quotalicense

GET /platform/1/quota/license?describe


Object properties


duration integer Provides the total duration in seconds for temporary licenses.

expiration integer Provides the UNIX Epoch time when the license expires.

status array Provides the current status of the license. Possible states are:activated, evaluation, expired, inactive, and unknown.

name string Provides the name of the licensed feature.

Quota summary resourceThis resource returns summary information for file system quotas.

Operation Method and URI- -Get the quota collection summary. GET /platform/1/quota/quotas-

summary

View detailed JSON schema for the quotasummary

GET /platform/1/quota/quotas-summary?describe


Object properties


count integer Provides the total number of quotas.

default_group_quotas_count integer Provides the total number of default-groupquotas.

default_user_quotas_count integer Provides the total number of default-userquotas.

Quota resources



directory_quotas_count integer Provides the total number of directory quotas.

group_quotas_count integer Provides the total number of group quotas.

linked_quotas_count integer Provides the total number of user and grouptotals that are linked.

user_quotas_count integer Provides the total number of user quotas.

Quotas resourceThis resource applies the standard collection pattern to file system quotas.

Operation Method and URI- -Get one quota GET /platform/1/quota/quotas/<quota-id>

Get all quotas GET /platform/1/quota/quotas

Create a quota POST /platform/1/quota/quotas

Modify a quota PUT /platform/1/quota/quotas/<quota-id>

Delete a quota DELETE /platform/1/quota/quotas/<quota-id>

Delete all quotas DELETE /platform/1/quota/quotas

View the detailed JSON schema forall quotas

GET /platform/1/quota/quotas?describe

View the detailed JSON schema for asingle quota object

GET /platform/1/quota/quotas/<quota-id>?describe

Query Parameterspath

Only applies to quotas matching this path (see recurse_path_*).

type

Only applies to quotas matching this type.

persona

Only applies to user or group quotas that match this persona. This parameter must beused with the corresponding type argument).

include_snapshots

Only applies to quotas with the setting for include_snapshots.

enforced

Only applies to quotas with this enforcement (non-accounting).

exceeded

Only list quotas which have exceeded one or more of their thresholds.

recurse_path_parents

If used with the path argument, this parameter applies to all quotas at that path or atany parent directory.

Quota resources

Quotas resource 77

recurse_path_children

If used with the path argument, this parameter applies to all quotas at that path or atany descendent subdirectory.

report_id

Uses the named report as a source rather than the live quotas. See the quota reportsresource for a list of valid reports.

zone

An optionally named zone for user and group resolution.

resolve_names

If true, resolves group and user names in personas.

limit

Return no more than this many results at once (see resume).

resume

Continue returning results from a previous request (cannot be used with otherparameters).

Object Properties and Structure


total integer Provides the total number of quotas available.

resume integer Provides the value for the resume argument to be usedfor continuation requests.

container Boolean Enables the SMB shares using the quota directory tosee the quota threshold as the share size.

quotas quotas on page84

Properties for a quota.

Quota quotas notification rules resourceThis resource applies the standard collection pattern to the notification rules for a quota.

Operation Method and URI- -Get a notification rule for aquota

GET /platform/1/quota/quotas/<quota-id>/notifications/<notification-id>

Get all notification rules for aquota

GET /platform/1/quota/quotas/<quota-id>/notifications

Create notification rules for aquota

POST /platform/1/quota/quotas/<quota-id>/notifications

Create empty overridenotification rules for a quota

PUT /platform/1/quota/quotas/<quota-id>/notifications

Modify notification rules for aquota

PUT /platform/1/quota/quotas/<quota-id>/notifications/<notification-id>

Delete notification rules for aquota

DELETE /platform/1/quota/quotas/<quota-id>/notifications/<notification-id>

Quota resources


Operation Method and URI- -Delete all notification rules for aquota

GET /platform/1/quota/quotas/<quota-id>/notifications

View detailed JSON schema forquota notification rules

GET /platform/1/quota/quotas/<quota-id>/notifications?describe

View detailed JSON schema fora single quota notification ruleobject

GET /platform/1/quota/quotas/<quota-id>/notifications/<notification-id>?describe


Object properties


id string Provides the system ID given to the rule. In a POSTrequest, this is the ID of the created item that refers tothe item in the collection item resource path.

action_alert string Sends an alert when the rule matches.

action_email_address string Sends an email to a specific address when the rulematches.

action_email_owner string Sends an email to the quota domain owner when therule matches.

email_template string Provides the path of the optional /ifs template fileused for email.

condition array Provides the condition that must occur on the quota totrigger notification actions. Options include: exceeded,denied, violated, expired.

holdoff integer Provides the time to wait between detections for rulesthat are triggered by user actions.

Quota reports resourceThis resource applies the standard collection pattern to quota reports.

Operation Method and URI- -Get a quota report GET /platform/quota/reports/<report-

id>?contents

Get all quota reports GET /platform/quota/reports

Create a quota report POST /platform/quota/reports/<report-id>?contents

Quota resources

Quota reports resource 79

Operation Method and URI- -Delete a quota report DELETE /platform/quota/reports/<report-

id>

View detailed JSON schema aboutquota reports.

GET /platform/quota/reports?describe

View detailed JSON schema about asingle quota reports object.

GET /platform/quota/reports/<report-id>?describe

Query parameterstype

Only applies to reports matching this type.

generated

Applies to reports that match the source type (scheduled, manual, or all).

dir


limit


resume

Continue returning results from a previous request (cannot be used with otherparameters).

Object properties


total integer Provides the total number of reports available.

id string Provides the system ID given to the report. In a POST request, thisvalue is the ID that refers to the created item in the collection itemresource path.

generated string Indicates whether the report was generated manually (live) orscheduled.

type string Indicates whether the report is a summary report or detail report.

resume string Provides the value of the resume argument to be used forcontinuation calls.

time integer Provides the UNIX Epoch time that the report was generated.

Quota resources


Quota about reports resourceThis resource applies the standard system object pattern to return metadata forindividual quota reports.

Operation Method and URI- -Get metadata about a report GET /platform/1/quota/reports/<report-id>/

about

View detailed JSON schema forabout reports

GET /platform/1/quota/reports/<report-id>/about?describe


Object properties


id string Provides the system ID given to the report. In a POST request, this isthe ID of the created item that refers to the item in the collectionitem resource path.

generated string Indicates whether the report was generated manually (live) or by aschedule.

type string Indicates whether the report is a summary report or detail report.

time integer Provides the UNIX Epoch time the report was taken.

Quota report settings resourceThis resource applies the standard system object pattern to quota report settings.

Operation Method and URI- -Get quota report settings GET /platform/1/quota/settings/

reports

Modify quota report settings PUT /platform/1/quota/settings/reports

View the detailed JSON schema about reportsettings

GET /platform/1/quota/settings/reports?describe


Quota resources

Quota about reports resource 81

Object properties


id string The system ID given to the rule. In a POST request, this isthe ID of the created item that is used to refer to the item inthe collection item resource path

live_dir string Provides the directory on /ifs where manual or live reportsare placed.

live_retain integer Provides the number of manual reports to keep.

schedule string Provides the isidate schedule used to generate reports.

scheduled_dir string Provides the directory on /ifs where schedule reports areplaced.

scheduled_retain integer Provides the number of scheduled reports to keep.

schedule string Provides the schedule for repeated notification rules.

threshold integer Provides the detected quota threshold.

Quota default notifications rules resourceThis resource applies the standard collection pattern to default quota notification rules.

Operation Method and URI- -Get default global notification rules GET /platform/1/quota/settings/

notifications/<notification-id>or GET /platform/1/quota/quotas/<report-id>/notifications

Get a default global notification rule GET /platform/1/quota/settings/notifications/<notification-id>or GET /platform/1/quota/quotas/<report-id>/notifications

Create a default global notificationrule

POST /platform/1/quota/settings/notifications/<notification-id>or POST /platform/1/quota/quotas/<report-id>/notifications/<notification-id>

Modify a default global notificationrule

PUT /platform/1/quota/settings/notifications/<notification-id>or PUT /platform/1/quota/quotas/<report-id>/notifications/<notification-id>

Delete default global notificationrules

DELETE /platform/1/quota/settings/notificationsor DELETE /platform/1/quota/quotas/<report-id>/notifications

Quota resources


Operation Method and URI- -Delete a default global notificationrule

DELETE /platform/1/quota/settings/notifications/<notification-id>or DELETE /platform/1/quota/quotas/<report-id>/notifications/<notification-id>

View the detailed JSON schemaabout global notification rules

GET /platform/1/quota/settings/notifications?describe

View the detailed JSON schemaabout a global notification rule

GET /platform/1/quota/settings/notifications/<notification-id>?describe


Object properties


id string Provides the system ID given to the rule. In a POSTrequest, this is the ID of the created item that refers tothe item in the collection item resource path.

action_alert string Sends an alert when the rule matches.

action_email_address string Sends an email to a specific address when the rulematches.

action_email_owner string Sends an email to the quota domain owner when therule matches.

email_template string Provides the path of the optional /ifs template fileused for email.

condition array Provides the condition that must occur on the quota totrigger notification actions. Options consist of:exceeded, denied, violated, and expired.

holdoff integer Provides the time to wait between detections for rulestriggered by user actions.

schedule string Provides the schedule for repeated notification rules.

threshold integer Provides the detected quota threshold.

Quota mappings settings resourceThis resource applies the standard collection pattern to quota notification email mappingrules.

Operation Method and URI- -Get quota email mapping settings GET /1/quota/settings/mappings

Quota resources

Quota mappings settings resource 83

Operation Method and URI- -Create quota email mapping settings POST /1/quota/settings/mappings/

<domain>

Modify quota email mapping setting PUT /1/quota/settings/mappings/<domain>

Delete a quota email mapping setting DELETE /1/quota/settings/mappings/<domain>

Delete all quota email mapping settings DELETE /1/quota/settings/mappings

View the detailed JSON schema for quotaemail mapping settings

GET /1/quota/settings/mappings?describe

View the detailed JSON schema for a quotaemail mapping settings object

GET /1/quota/settings/mappings/<domain>?describe


Object properties


id integer Provides the system ID given to the domain. In a POST request, thisis the ID of the created item that refers to the item in the collectionitem resource path.

domain string Provides the fully qualified domain name of the source domain tomap.

mapping string Provides the fully qualified domain name of the destination domainto map to.

type array Provides the authentication provider type. Options include: ADS,local, NIS, LDAP, and file.

Quotas propertiesObject properties for quotas.


id string Provides the system ID given to thequota. In a POST request, this is the IDof the created item that refers to theitem in the collection item resourcepath.

enforced Boolean True if the quota providesenforcement, otherwise an accountingquota.

Quota resources



force string Forces the creation of quotas on theroot of /ifs.

include_snapshots Boolean True if the quota governs snapshotdata as well as head data.

linked Boolean True if the quota for a user or group islinked and controlled by a parentdefault-* quota. Linked quotas cannotbe modified until they are unlinked.

notifications array Provides a summary of notifications:custom indicates that one or morenotification rules are available fromthe notifications sub-resource; defaultindicates that the system default rulesare used; disabled indicates that nonotifications are used for this quota.

path string The /ifs path governed.

ready Boolean True if the accounting is accurate onthe quota. If false, this quota iswaiting on the completion of aQuotaScan job.

thresholds_include_overhead Boolean True if thresholds apply to the dataplus file system overhead that isrequired to store the data (such asphysical usage).

type array Provides the type of quota.

persona persona onpage 85

Properties for a persona. A personaconsists of either a name and a type oran id.

usage usage on page86

Properties for quota usage.

thresholds threshold onpage 86

Properties for quota thresholds.

Persona propertiesObject properties for personas.



name string Provides the persona name, which must be combined with a type.

type string Provides the type of persona, which must be combined with a name.

Quota resources

Persona properties 85

Usage propertiesObject properties for quota usage.


inodes integer Provides the number of inodes (file system entities) used bygoverned data.

logical integer Provides the apparent bytes used by governed data.

physical integer Provides the bytes used for governed data and file system overhead.

Threshold propertiesObject properties for quota thresholds.


advisory integer Provides the usage bytes at which notifications are sentbut writes are not denied.

advisory_exceeded Boolean True if the advisory threshold was hit.

hard integer Provides the usage bytes at which further writes aredenied.

hard_exceeded Boolean True if the hard threshold was hit.

soft integer Provides the usage bytes at which notifications are sentand soft grace time is started.

soft_exceeded Boolean True if the soft threshold was hit.

soft_grace integer Provides the time in seconds after which the softthreshold is hit and before writes are denied.

Quota resources


CHAPTER 7

Snapshot resources

These resources allow users to retrieve, create, modify, or delete snapshot configurationsand settings.

u Snapshot license resource....................................................................................88u Snapshot summary resource.................................................................................88u Snapshots resource..............................................................................................89u Snapshot schedules resource...............................................................................90u Snapshot locks resource.......................................................................................91u Snapshot pending resource...................................................................................92u Snapshot settings resource...................................................................................93u Snapshot properties..............................................................................................94u Schedules properties............................................................................................95u Lock properties.....................................................................................................95u Pending properties................................................................................................95

Snapshot resources 87

Snapshot license resourceThis resource retrieves license information for SnapshotIQ.

Operation Method and URI- -Get license information for SnapshotIQ GET /platform/1/snapshot/license

View the detailed JSON schema for snapshotslicense

GET /platform/1/snapshot/license?describe


Object properties


duration integer Provides the total duration in seconds for temporary licenses.

expiration integer Provides the UNIX Epoch time when the license expires.

status array Provides the current status of the license. Possible states are:activated, evaluation, expired, inactive, and unknown.

name string Provides the name of the licensed feature.

Snapshot summary resourceThis resource returns summary information for file system snapshots.

Operation Method and URI- -Get the snapshot summary GET /platform/1/snapshot/

snapshots-summary

View the detailed JSON schema for snapshotsummary

GET /platform/1/snapshot/snapshots-summary?describe


Object properties


count integer Provides the total number of snapshots.

active_count integer Provides the total number of snapshots that are not aliases orpending for deletion.

deleting_count integer Provides the total number of snapshots that are pending fordeletion.

Snapshot resources



aliases_count integer Provides the total number of snapshot aliases.

shadow_bytes integer Provides the number of bytes in a snapshot that arereferenced in a shadow store.

size integer Provides the sum of sizes in bytes of all snapshots.

active_size integer Provides the sum of sizes of snapshots that are not aliases orpending for deletion.

deleting_size integer Provides the sum of sizes of snapshots that are pending fordeletion.

Snapshots resourceThis resource applies the standard collection pattern to file system snapshots.

Operation Method and URI- -Get a single snapshot GET /platform/1/snapshot/snapshots/<id|

snapshot name>

Get a list of snapshots GET /platform/1/snapshot/snapshots

Create a snapshot POST /platform/1/snapshot/snapshots

Modify a snapshot PUT /platform/1/snapshot/snapshots/<id|snapshot name>

Delete a snapshot DELETE /platform/1/snapshot/snapshots/<id|snapshot name>

Delete all snapshots DELETE /platform/1/snapshot/snapshots

View the detailed JSON schemafor a single snapshot object

GET /platform/1/snapshot/snapshots/<id|snapshot name>?describe

View the detailed JSON schemafor snapshots

GET /platform/1/snapshot/snapshots?describe


Order results by this field; options consist of id, name, path, created, expires, size,has_locks, schedule, alias_target, alias_target_name, pct_filesystem, pct_reserve,and state. The default value is id.

dir


schedule

Only list snapshots that were created by this schedule.

type

Only list snapshots that match this type.

state

Snapshot resources

Snapshots resource 89

Only list snapshots that match this state (such as active).

limit


resume


Object properties


total integer Provides the total number of items available.


snapshots snapshots on page 94 Properties for a snapshot.

Snapshot schedules resourceThis resource applies the standard collection pattern to snapshot schedules.

Operation Method and URI- -Get a single snapshot schedule GET /platform/1/snapshot/schedules/<id|

schedule name>

Get a list of snapshot schedules GET /platform/1/snapshot/schedules

Create a snapshot schedule POST /platform/1/snapshot/schedules

Modify a snapshot schedule PUT /platform/1/snapshot/schedules/<id|schedule name>

Delete a snapshot schedule DELETE /platform/1/snapshot/schedules/<id|schedule name>

Delete all snapshot schedules DELETE /platform/1/snapshot/schedules

View the detailed JSON schemafor a single snapshot scheduleobject

GET /platform/1/snapshot/schedules/<id|schedule name>?describe

View the detailed JSON schemafor snapshot schedules

GET /platform/1/snapshot/schedules?describe


Order results by this field; options consist of id, name, path, pattern, schedule,duration, alias, next_run, and next_snapshot. The default option is id.

dir


limit


Snapshot resources


resume

Continue returning results from previous request (cannot be used with other options).

Object properties


total integer Provides the total number of schedules to display.


schedules schedules on page 95 Properties for snapshot schedules.

Snapshot locks resourceThis resource applies the standard collection pattern to locks on an individual snapshot.

Operation Method and URI- -Get a single lock on asnapshot

GET /platform/1/snapshot/snapshots/<snapshot-name|id>/locks/<lock-id>

Get a list of locks on asnapshot

GET /platform/1/snapshot/snapshots/<id|snapshot name>/locks

Create a lock on a snapshot POST /platform/1/snapshot/snapshots/<snapshot-name|id>/locks

Modify a lock on a snapshot PUT /platform/1/snapshot/snapshots/<snapshot-name|id>/locks/<lock-id>

Remove a lock from asnapshot

DELETE /platform/1/snapshot/snapshots/<lock-id>/locks

View the detailed JSONschema for a single snapshotlock object

GET /platform/1/snapshot/snapshots/<snapshot-name|id>/locks/<lock-id>?describe

View the detailed JSONschema for snapshot locks

GET /platform/1/snapshot/snapshots/<id|snapshot name>/locks?describe


Order results by this field; options consist of id, expires, and comment. The defaultoption is id.

dir

Directions for the sort order are ascending (ASC) or descending (DESC). The defaultoption is ascending.

limit


resume


Snapshot resources

Snapshot locks resource 91

Object properties


total integer Provides the number of items available.

resume string Provides the value for the resume argument to be usedfor continuation calls.

locks locks on page 95 Properties for a lock on a snapshot.

Snapshot pending resourceThis resource applies the standard collection pattern to snapshots that will be generatedby a snapshot schedule.

Operation Method and URI- -Get a list of scheduled pending snapshots GET /platform/1/snapshot/pending

View the detailed JSON schema for pendingsnapshots

GET /platform/1/snapshot/pending?describe

Query parametersschedule

Limit output only to the named schedule.

begin

UNIX Epoch time to start generating matches. The default option is now.

end

UNIX Epoch time to end generating matches. The default option is forever.

limit

Return no more than this many results at once (see resume).

resume

Continue returning results from a previous request (cannot be used with otherparameters.)

Object propertiesresume



pending pending on page 95 Properties for pending snapshots.

Snapshot resources


Snapshot settings resourceThis resource applies the standard settings pattern to global snapshot settings.

Operation Method and URI- -Get the current snapshot settings GET /platform/1/snapshot/settings

Modify the current snapshot settings PUT /platform/1/snapshot/settings

View the detailed JSON schema for snapshotsettings

GET /platform/1/snapshot/settings?describe


Object properties


service Boolean True if the system allows snapshot creation.

autocreate Boolean True if the scheduled snapshot creation services isenabled.

autodelete Boolean True if the scheduled snapshot deletion services isenabled.

reserve integer Sets the percentage of space to reserve forsnapshots.

global_visible_accessible Boolean Enables a global switch for accessibility andvisibility settings of snapshot directories.

nfs_root_accessible Boolean True if the root .snapshot directory is accessibleover NFS.

nfs_root_visible Boolean True if the root .snapshot directory is visible overNFS.

nfs_subdir_accessible Boolean True if the subdirectory .snapshot directories areaccessible over NFS.

local_root_accessible Boolean True if the root .snapshot directory is accessiblelocally.

local_root_visible Boolean True if the root .snapshot directory is visiblelocally.

local_subdir_accessible Boolean True if the subdirectory .snapshot directories areaccessible locally.

smb_root_accessible Boolean True if the root .snapshot directory is accessibleover SMB.

smb_root_visible Boolean True if the root .snapshot directory is visible overSMB.

Snapshot resources

Snapshot settings resource 93


smb_subdir_accessible Boolean True if the subdirectory .snapshot directories areaccessible over SMB.

Snapshot propertiesObject properties for snapshots.


id integer Provides the system ID that is given to the snapshot. ThisID is useful for tracking the status of delete pendingsnapshots, because after being marked for deletion, asnapshot can no longer be referenced by name. In a POSTrequest, this value is the ID that refers to the item in thecollection item resource path.

name string Provides the user or system supplied snapshot name.This value is null for snapshots that are pending delete.

shadow_bytes integer Provides the number of bytes in a snapshot that isreferenced in a shadow store.

schedule string Provides the name of the schedule used to create thissnapshot, if applicable.

created integer Provides the Unix Epoch time the snapshot was created.

expires integer Provides the Unix Epoch time the snapshot expires and iseligible for automatic deletion.

path string Provides a snapshot of the /ifs path.

size integer Provides the amount of storage (in bytes) used to storethis snapshot.

pct_filesystem integer Provides the percentage of the /ifs directory that isstoring this snapshot.

pct_reserve integer Provides the percentage of the configured snapshot thatis reserved to store this snapshot.

alias_target integer Provides the ID of the snapshot pointed to if this value isan alias.

alias_target_name string The name of the snapshot pointed to if this value is analias.

has_locks Boolean True if the snapshot has one or more locks present. Seethe locks resource of a snapshot for a list of locks.

state string Provides the snapshot state. The options are active ordeleting.

Snapshot resources


Schedules propertiesObject properties for schedules.


id integer Provides the system ID given to the schedule. In a POSTrequest, this value is the ID that refers to the item in thecollection item resource path.

name string Provides the name of the schedule.

pattern string Creates names for snapshot schedules according to a patternwith the strftime function.

path string Provides the path to take a snapshot of.

schedule string Provides the isidate compatible natural language descriptionof the schedule.

duration integer Provides the amount of time before a snapshot isautomatically deleted by a schedule.

alias string Provides the alternative name to create for each snapshot.

next_run integer Provides the UNIX Epoch time of next snapshot to be created.

next_snapshot string Provides the formatted name of the next snapshot to becreated.

Lock propertiesObject properties for locks.


id integer Provides the system generated lock ID. In a POST request, this valuerefers to the item in the collection item resource path.

comment string Provides the user-supplied lock comment.

expires integer Provides the UNIX Epoch time the snapshot lock expires and iseligible for automatic deletion.

Pending propertiesObject properties for pending snapshots.


id string Provides the system supplied unique ID used for sorting and paging.

schedule string Provides the name of the schedule that created this snapshot.

time integer Provides the UNIX Epoch time the snapshot will be created.

snapshot string Provides the system snapshot name formed from the scheduleformate.

Snapshot resources

Schedules properties 95


path string Provides the /ifs path of the snapshot that is taken.

Snapshot resources


CHAPTER 8

Zones resources

These resources allow users to retrieve, create, modify, or delete access zoneconfigurations and settings.

u Zones summary resource......................................................................................98u Zones resource......................................................................................................98u Zone persona properties.......................................................................................99

Zones resources 97

Zones summary resourceThis resource returns summary information for access zones.

Operation Method and URI- -Get the zones summary GET /platform/1/zones-summary

View detailed JSON schema for the zonessummary

GET /platform/1/zones-summary?describe


Object properties


count integer Provides the total number of zones.

Zones resourceThis resource applies the standard collection pattern to access zones.

Operation Method and URI- -Get one zone GET /platform/1/zones/<zone-id>

Get all zones GET /platform/1/zones

Create a zone POST /platform/1/zones

Modify a zone PUT /platform/1/zones/<zone-id>

Delete a zone DELETE /platform/1/zones/<zone-id>

View the detailed JSON schema for all zones GET /platform/1/zones?describe

View the detailed JSON schema for a singlezone object

GET /platform/1/zones/<zone-id>?describe


Object properties


id string Provides the system ID for the zone. In aPOST request, this value is the ID thatrefers to the item in the collection itemresource path.

Zones resources



all_auth_providers Boolean Enables all authentication providers thatare available.

all_smb_shares Boolean Enables all SMB shares that areavailable.

alternate_system_provider string Provides an alternate system provider.

auth_providers array Provides the list of authenticationproviders used on this zone.

cache_size integer Specifies the maximum size of zone in-memory cache.

home_directory_umask integer Provides the permissions set onautomatically created user homedirectories.

local_provider Boolean Enables the local provider.

map_untrusted string Maps untrusted domains to the NetBIOSdomain during authentication.

name string Provides the zone name.

netbios_name string Provides the NetBIOS name.

skeleton_directory string Provides the skeleton directory that isused for user home directories.

smb_shares array Provides the list of SMB share namesavailable within this zone.

system Boolean Indicates whether the zone is built-in.

system_provider string Provides the system provider for thezone.

user_mapping_rules array Provides the current ID mapping rules.

zone_id integer Provides the zone ID on the system.

ifs_restricted persona onpage 99

Returns an array of persona objects.

Zone persona propertiesObject properties for zone personas.


id integer The serialized form of the zone (such as 'UID:0', 'USER:name', 'GID:0', 'GROUP:wheel', 'SID:S-1-1').

name string The persona name, which must be combined with type.

type string The type of persona, which must be combined with name.

Zones resources

Zone persona properties 99

Zones resources


onefs-platform-api-reference-7-0-1.pdf

Documents

api session resource

users resource

netgroups resource

users member of resource

groups members resource

mapping users rules

mapping users lookup

trademarks of emc corporation