Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.
NetApp Knowledge Base

7MTT Precheck 20504 - Share-level ACLs for UNIX users or groups

Last Updated:

Applies to

7-Mode Transition Tool (7MTT)


The 7-Mode Transition Tool (7MTT) does not support the transition of an Access Control List (ACL) at the level of CIFS shares for UNIX users and groups.

Precheck 20504: The following CIFS shares have share-level ACLs set for UNIX users or groups.

How does this feature work on Data ONTAP 7-Mode?
When you create a CIFS share, Data ONTAP creates a default ACL for the share with full control permissions. To manage CIFS share ACLs, run the cifs access command:
fas2220cl1-ams1*> cifs access
         cifs access <share> [-g] <user|group> <rights>
         cifs access <share> -m
         cifs access -delete <share> [-g] <user|group>
         cifs access -delete <share> -m
                 rights can be Unix-style combinations of r w x -
                 or NT-style "No Access", "Read", "Change", and "Full Control"

How does this feature work on clustered Data ONTAP?
A share-level ACL consists of a list of Access Control Entries (ACEs). Each ACE contains a user or group name and a set of permissions that determine user or group access to the share, regardless of the security style of the volume or qtree containing the share.

Setting up file access using SMB: When an SMB user attempts to access a share, Data ONTAP always checks the share-level ACL to determine whether access should be granted.

Risk: An ACL is a list of ACEs. Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee. An ACL is created for secure access to data, and any flaws can result in a data compromise.


Scan to view the article on your device

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support