Release notes
Create an NTFS security descriptor in ONTAP
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Creating an NTFS security descriptor (file security policy) is the first step in configuring and applying NTFS access control lists (ACLs) to files and folders residing within storage virtual machines (SVMs). You can associate the security descriptor to the file or folder path in a policy task.
You can create NTFS security descriptors for files and folders residing within NTFS security-style volumes, or for files and folders residing on mixed security-style volumes.
By default, when a security descriptor is created, four discretionary access control list (DACL) access control entries (ACEs) are added to that security descriptor. The four default ACEs are as follows:
| Object | Access type | Access rights | Where to apply the permissions |
|---|---|---|---|
BUILTIN\Administrators |
Allow |
Full Control |
this-folder, sub-folders, files |
BUILTIN\Users |
Allow |
Full Control |
this-folder, sub-folders, files |
CREATOR OWNER |
Allow |
Full Control |
this-folder, sub-folders, files |
NT AUTHORITY\SYSTEM |
Allow |
Full Control |
this-folder, sub-folders, files |
You can customize the security descriptor configuration by using the following optional parameters:
-
Owner of the security descriptor
-
Primary group of the owner
-
Raw control flags
The value for any optional parameter is ignored for Storage-Level Access Guard. Learn more in the ONTAP command reference.
