Learn about ONTAP SMB privileges
Suggest changes
PDFs
You can assign privileges directly to local users or domain users. Alternatively, you can assign users to local groups whose assigned privileges match the capabilities that you want those users to have.
-
You can assign a set of privileges to a group that you create.
You then add a user to the group that has the privileges that you want that user to have.
-
You can also assign local users and domain users to predefined groups whose default privileges match the privileges that you want to grant to those users.
List of supported ONTAP SMB privileges
ONTAP has a predefined set of supported privileges. Certain predefined local groups have some of these privileges added to them by default. You can also add or remove privileges from the predefined groups or create new local users or groups and add privileges to the groups that you created or to existing domain users and groups.
The following table lists the supported privileges on the storage virtual machine (SVM) and provides a list of BUILTIN groups with assigned privileges:
| Privilege name | Default security setting | Description |
|---|---|---|
|
None |
Act as part of the operating system |
|
|
Back up files and directories, overriding any ACLs |
|
|
Restore files and directories, overriding any ACLs. Set any valid user or group SID as the file owner |
|
|
Take ownership of files or other objects |
|
|
Manage auditing This includes viewing, dumping, and clearing the security log. |
|
|
Bypass traverse checking Users with this privilege are not required to have traverse (x) permissions to traverse folders, symlinks, or junctions. |