Table of ContentsView in Frames

Checking client access to exports

When you deploy export policies to manage client access to exports, you might want to first test the export policies to ensure that they work as intended. If you have deployed export policies and clients experience access issues, you might need to test the export policies to troubleshoot the issue. You can test export policies for these purposes by using the vserver export-policy check-access command.

About this task

You can check access for a specific client to a specific volume or qtree export using a specific authentication method and file access protocol.

Steps

  1. Check client access to exports by using the vserver export-policy check-access command.
    See the man page for the command for more information.
  2. Examine the output to determine whether the export policy works as intended and the client access behaves as expected. Specifically, verify which export policy is used by the volume or qtree and the type of access the client has as a result.
  3. If necessary, reconfigure the export policy rules as needed.

Example

The following command checks read/write access for an NFSv3 client with the IP address 1.2.3.4 to the qtree qt1 on the volume flex_vol. The command output shows that the qtree uses the export policy primarynames and that access is denied.

cluster1::> vserver export-policy check-access -vserver vs1 -client-ip 1.2.3.4 -volume flex_vol -authentication-method sys -protocol nfs3 -access-type read-write -qtree qt1
                                         Policy    Policy     Rule
Path                          Policy     Owner     Owner Type Index  Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             default    vs1_root  volume          1 read
/dir1                         default    vs1_root  volume          1 read
/dir1/dir2                    default    vs1_root  volume          1 read
/dir1/dir2/flex1              data       flex_vol  volume         10 read
/dir1/dir2/flex1/qt1          primarynames
                                         qt1       qtree           0 denied
5 entries were displayed.