Copy ACLs from SMB shares
BlueXP copy and sync can copy access control lists (ACLs) between SMB shares and between an SMB share and object storage (except for ONTAP S3). If needed, you also have the option to manually preserve ACLs between SMB shares by using robocopy.
Set up BlueXP copy and sync to copy ACLs
Copy ACLs between SMB shares and between SMB shares and object storage by enabling a setting when you create a relationship or after you create a relationship.
This feature works with any type of data broker: the AWS, Azure, Google Cloud Platform, or on-prem data broker. The on-prem data broker can run any supported operating system.
-
From BlueXP copy and sync, select Create New Sync.
-
Drag and drop an SMB server or object storage as the source and an SMB server or object storage as the target, and select Continue.
-
On the SMB Server page:
-
Enter a new SMB server or select an existing server and select Continue.
-
Enter credentials for the SMB server.
-
Choose to either Copy only files, Copy only ACL, or Copy files and ACL and select Continue.
-
-
Follow the remaining prompts to create the sync relationship.
When you copy ACLs from SMB to object storage, you can choose to copy the ACLs to the object's tags or on the object's metadata, depending on the target. For Azure and Google Cloud Storage, only the metadata option is available.
The following screenshot shows an example of the step where you can make this choice.
-
Hover over the sync relationship and select the action menu.
-
Select Settings.
-
Choose to either Copy only files, Copy only ACL, or Copy files and ACL and select Continue.
-
Select Save Settings.
When syncing data, BlueXP copy and sync preserves the ACLs between the source and target.
Manually copy ACLs between SMB shares
You can manually preserve ACLs between SMB shares by using the Windows robocopy command.
-
Identify a Windows host that has full access to both SMB shares.
-
If either of the endpoints require authentication, use the net use command to connect to the endpoints from the Windows host.
You must perform this step before you use robocopy.
-
From BlueXP copy and sync, create a new relationship between the source and target SMB shares or sync an existing relationship.
-
After the data sync is complete, run the following command from the Windows host to sync the ACLs and ownership:
robocopy /E /COPY:SOU /secfix [source] [target] /w:0 /r:0 /XD ~snapshots /UNILOG:”[logfilepath]
Both source and target should be specified using the UNC format. For example: \\<server>\<share>\<path>