Guidelines for managing SMB share-level ACLs
Suggest changes
PDFs
You can change share-level ACLs to give users more or less access rights to the share. You can configure share-level ACLs by using either Windows users and groups or UNIX users and groups.
By default, the share-level ACL gives full control to the standard group named Everyone. Full control in the ACL means that all users in the domain and all trusted domains have full access to the share. You can control the level of access for a share-level ACL by using the Microsoft Management Console (MMC) on a Windows client or the ONTAP command line.
The following guidelines apply when you use the MMC:
-
The user and group names specified must be Windows names.
-
You can specify only Windows permissions.
The following guidelines apply when you use the ONTAP command line:
-
The user and group names specified can be Windows names or UNIX names.
If a user and group type is not specified when creating or modifying ACLs, the default type is Windows users and groups.
-
You can specify only Windows permissions.