FPolicy is an infrastructure component of Data ONTAP that enables partner applications connected to your storage systems to monitor and set file access permissions.
Every time a client accesses a file from a storage system, based on the configuration of FPolicy, the partner application is notified about file access. This enables partners to set restrictions on files that are created or accessed on the storage system.
FPolicy allows you to create file policies that specify file operation permissions according to file type. For example, you can restrict certain file types, such as JPEG and .mp3 files, from being stored on the storage system.
When FPolicy was first introduced in Data ONTAP 6.4, it only supported the CIFS protocol. Support for the NFS protocol was added in Data ONTAP 7.0. However, FPolicy requires CIFS to be licensed even for NFS specific events.
FPolicy determines how the storage system handles requests from individual client systems for operations such as create, open, rename, and delete. The storage system maintains a set of properties for FPolicy, including the policy name and whether that policy is active. You can set these properties for FPolicy using the storage system console commands.
The FPolicy interface is a Data ONTAP API (called ONTAPI ) that runs on a Distributed Computing Environment (DCE) and uses Remote Procedure Calls (RPC). Using these tools, the external applications can register as FPolicy servers.
The FPolicy interface allows a programmer to implement sophisticated file screening functionality on a storage system or NearStore system from an external application running on a separate platform.
File screening in Data ONTAP can be enabled in two ways.
The file screening software runs on a client that functions as a file screening server. File screening software provides flexible control and filtering of file content.
The file screening software runs natively on the storage system. Native file blocking provides simple denial of restricted file types.