Cloud Sync can preserve access control lists (ACLs) between a source SMB/CIFS share and a target SMB/CIFS share. If needed, you can manually preserve the ACLs yourself.
Setting up Cloud Sync to automatically copy ACLs
Cloud Sync can copy ACLs between SMB shares, but you must run a deployment script on a Windows host and activate support when you create a new relationship. You can’t activate support after you create the relationship.
Set up a Windows host that meets the following requirements:
Windows 10 or Windows Server 2016
A connection to the source SMB/CIFS server
A connection the target SMB/CIFS server
Port 8080 open for inbound HTTP traffic from the data broker’s subnet
Log in to the Windows host.
Run the deployment script with Administrator’s privileges by right-clicking and selecting Run as administrator.
When you create a sync relationship between two SMB/CIFS servers, select Copy ACLs to the target and then specify the IP address of the Windows host.
This option is available when you specify the source SMB/CIFS server.
Cloud Sync preserves the ACLs between the source and target SMB/CIFS shares.
Manually copying ACLs
You can manually preserve ACLs between SMB/CIFS shares by using the Windows robocopy command.
Identify a Windows host that has full access to both SMB/CIFS shares.
If either of the endpoints require authentication, use the net use command to connect to the endpoints from the Windows host.
You must perform this step before you use robocopy.
From Cloud Sync, create a new relationship between the source and target SMB/CIFS shares or sync an existing relationship.
After the data sync is complete, run the following command from the Windows host to sync the ACLs and ownership:
robocopy /E /COPY:SOU /secfix [source] [target] /w:0 /r:0 /XD ~snapshots /UNILOG:”[logfilepath]
Both source and target should be specified using the UNC format. For example: \\<server>\<share>\<path>