Skip to main content

NetApp wins prestigious Coveo Relevance Pinnacle Award. Learn more!

INSIGHT Japan :2023年 1月25日(水)ANAインターコンチネンタルホテル開催 へ参加・申込を行う

NetApp Knowledge Base

7MTT Precheck 20504 - Share-level ACLs for UNIX users or groups

Last Updated:

Applies to

7-Mode Transition Tool (7MTT)


The 7-Mode Transition Tool (7MTT) does not support the transition of an Access Control List (ACL) at the level of CIFS shares for UNIX users and groups.

Precheck 20504: The following CIFS shares have share-level ACLs set for UNIX users or groups.

How does this feature work on Data ONTAP 7-Mode?
When you create a CIFS share, Data ONTAP creates a default ACL for the share with full control permissions. To manage CIFS share ACLs, run the cifs access command:
fas2220cl1-ams1*> cifs access
         cifs access <share> [-g] <user|group> <rights>
         cifs access <share> -m
         cifs access -delete <share> [-g] <user|group>
         cifs access -delete <share> -m
                 rights can be Unix-style combinations of r w x -
                 or NT-style "No Access", "Read", "Change", and "Full Control"

How does this feature work on clustered Data ONTAP?
A share-level ACL consists of a list of Access Control Entries (ACEs). Each ACE contains a user or group name and a set of permissions that determine user or group access to the share, regardless of the security style of the volume or qtree containing the share.

Setting up file access using SMB: When an SMB user attempts to access a share, Data ONTAP always checks the share-level ACL to determine whether access should be granted.

Risk: An ACL is a list of ACEs. Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee. An ACL is created for secure access to data, and any flaws can result in a data compromise.


Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device