You can add permission tracing filters to instruct Data ONTAP to log information in the system log about why the storage system allows or denies a client or user to perform an operation.
Adding permission tracing filters has a minor effect on storage system performance; therefore, you should add permission tracing filters for debugging purposes only. When you are done debugging, you should remove all permission tracing filters. Furthermore, the filtering criteria you specify should be as specific as possible so that Data ONTAP does not send a large number of EMS messages to the console.
Keep the following limitations in mind:
The following command adds a permission tracing filter to trace all access requests from a client with an IP address of 192.168.10.23 that Data ONTAP denies.
sectrace add -ip 192.168.10.23
The following command adds a permission tracing filter to trace all access requests from the UNIX user foo to the path /vol/vol0/home4 that Data ONTAP allows or denies:
sectrace add -unixuser foo -path /vol/vol0/home4 -a