Skip to main content
BlueXP copy and sync

Copying ACLs from SMB shares

Contributors netapp-ivanad netapp-bcammett

BlueXP copy and sync can copy access control lists (ACLs) between SMB shares and between an SMB share and object storage (except for ONTAP S3). If needed, you also have the option to manually preserve ACLs between SMB shares by using robocopy.

Set up BlueXP copy and sync to copy ACLs

Copy ACLs between SMB shares and between SMB shares and object storage by enabling a setting when you create a relationship or after you create a relationship.

Before you begin

This feature works with any type of data broker: the AWS, Azure, Google Cloud Platform, or on-prem data broker. The on-prem data broker can run any supported operating system.

Steps for a new relationship
  1. From BlueXP copy and sync, select Create New Sync.

  2. Drag and drop an SMB server or object storage as the source and an SMB server or object storage as the target, and select Continue.

  3. On the SMB Server page:

    1. Enter a new SMB server or select an existing server and select Continue.

    2. Enter credentials for the SMB server.

    3. Choose to either Copy only files, Copy only ACL, or Copy files and ACL and select Continue.

      A screenshot that shows the option to enable Copy Access Control Lists to the target.

  4. Follow the remaining prompts to create the sync relationship.

    When you copy ACLs from SMB to object storage, you can choose to copy the ACLs to the object's tags or on the object's metadata, depending on the target. For Azure and Google Cloud Storage, only the metadata option is available.

    The following screenshot shows an example of the step where you can make this choice.

    A screenshot of the sixth step in the sync relationship wizard when copying to object storage. You can choose to save the ACLs to the object's tags or metadata.

Steps for an existing relationship
  1. Hover over the sync relationship and select the action menu.

  2. Select Settings.

  3. Choose to either Copy only files, Copy only ACL, or Copy files and ACL and select Continue.

  4. Select Save Settings.

Result

When syncing data, BlueXP copy and sync preserves the ACLs between the source and target.

Manually copy ACLs between SMB shares

You can manually preserve ACLs between SMB shares by using the Windows robocopy command.

Steps
  1. Identify a Windows host that has full access to both SMB shares.

  2. If either of the endpoints require authentication, use the net use command to connect to the endpoints from the Windows host.

    You must perform this step before you use robocopy.

  3. From BlueXP copy and sync, create a new relationship between the source and target SMB shares or sync an existing relationship.

  4. After the data sync is complete, run the following command from the Windows host to sync the ACLs and ownership:

    robocopy /E /COPY:SOU /secfix [source] [target] /w:0 /r:0 /XD ~snapshots /UNILOG:”[logfilepath]

    Both source and target should be specified using the UNC format. For example: \\<server>\<share>\<path>