Adaptec 5325301507 Administration Guide - Page 121
Configuring Share Access, Share Access Behaviors
UPC - 753253015740
View all Adaptec 5325301507 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 121 highlights
Configuring Share Access Configuring Share Access The GuardianOS supports share-level as well as file- and directory-level permissions (see "Windows ACLs" on page 107) for all local and Windows domain users and groups. Share Access Behaviors Administrators tasked with devising security policies for the SnapServer will find the following share access behaviors of interest: • Share access defaults to full control - The default permission granted to users and groups when they are granted access to the share is full control. You may restrict selected users and groups to read-only access. • User-based share access permissions are cumulative - An SMB, AFP, HTTP, or FTP user's effective permissions for a resource are the sum of the permissions that you assign to the individual user account and to all of the groups to which the user belongs in the Share Access page. For example, if a user has read-only permission to the share, but is also a member of a group that has been given fullaccess permission to the share, the user gets full access to the share. • NFS access permissions are not cumulative - an NFS user's access level is based on the permission in the NFS access list that most specifically applies. For example, if a user connects to a share over NFS from IP address 192.168.0.1, and the NFS access for the share gives read-write access to * (All NFS clients) and read-only access to 192.168.0.1, the user will get read-only access. • Interaction between share-level and file-level access permissions - When both share-level and file-level permissions apply to a user action, the more restrictive of the two applies. Consider the following examples: Example A: More restrictive file-level access trumps more permissive share-level access. Share Level File Level Result Full control Read-only to FileA Full control over all directories and files in SHARE1 except where a more restrictive file-level permission applies. The user has read-only access to FileA. Chapter 6 Share and File Access 105