Adaptec 5325301656 Administration Guide - Page 102

Configuring Share Access Security Models, SnapTrees, and Shares In the course of creating a share that points to a volume or to a directory on the root of the volume (aka SnapTree directory), you must assign a security model to the volume or SnapTree directory. Thereafter, security models for these entities are managed on the Security > SnapTrees screens. NIS Users When a Snap Server is connected to a UNIX domain, NIS users do not appear in the list of users under Security > Shares > Access. NIS user properties cannot be modified from the Snap Server. However, it is possible to assign quotas to NIS users and groups from the Storage > Quotas page in the UI. Configuring Share Access The GuardianOS supports share-level as well as file- and directory-level permissions (see "Windows ACLs" on page 90) for all local and Windows domain users and groups. Share Access Behaviors Administrators tasked with devising security policies for the Snap Server will find the following share access behaviors of interest: • Share access defaults to full control - The default permission granted to users and groups when they are granted access to the share is full control. You may restrict selected users and groups to read-only access. • Share access permissions are cumulative - A user's effective permissions for a resource are the sum of the permissions that you assign to the individual user account and to all of the groups to which the user belongs. For example, if a user has read-only permission to the share, but is also a member of a group that has been given full-access permission to the share, the user gets full access to the share. • Interaction between share-level and file-level access permissions - When both share-level and file-level permissions apply to a user action, the more restrictive of the two applies. Consider the following examples: 88 Snap Server Administrator Guide