Skip to main content
NetApp Knowledge Base

How does Access Based Enumeration (ABE) work?

Views:
2,351
Visibility:
Public
Votes:
1
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • Data ONTAP 8 7-Mode

Answer

  • When creating a (CIFS) share, for example TEST, with the accessbasedenum option, the CIFS share TEST is not hidden.
  • According to the Access Based Enumeration documentation, when access-based enumeration (ABE) is enabled on a CIFS share, users who do not have permission to access a shared folder or file underneath it (whether through individual or group permission restrictions), do not see that shared resource displayed in their environment.
  • Local administrators still have unrestricted enumeration. Members of the BUILTIN\Administrators group are granted unrestricted access to the local system. Thus, an account in this group would be able to enumerate the entire directory.By default, ABE is disabled.
  • Data ONTAP 8 7-Mode:
    • To enable ABE
      • cifs shares -change sharename -accessbasedenum
    • To disable ABE
      • cifs shares -change sharename -noaccessbasedenum
 ONTAP 9 :
  • ::> cifs share properties add -vserver [vserver name] -share-name [share] -share-properties access-based-enumeration
  • ::> cifs share properties remove -vserver [vserver name] -share-name [share] -share-properties access-based-enumeration

Additional Information