Skip to main content

NetApp_Insight_2020.png 

NetApp Knowledgebase

How to apply NTFS permissions on a directory where inherited and non-inherited permissions differ for the same user\group

Views:
186
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

ONTAP 9

Description

  • This process is not the recommended method for NTFS ACL management.
    • It is recommended to use the Windows 'Security' tab whenever possible.
  • NTFS ACLs permissions can be applied to these objects:
    • Current Folder
    • Subfolders
    • Files

You can apply NTFS ACLs to all three, however it is not possible to apply different sets of permissions for the same user.

For example:
​​​​​
vserver security file-directory ntfs dacl add -ntfs-sd <SD-Name> -vserver <vServer-Name> -access-type allow -account "Domain\User_or_Group" -rights modify -apply-to sub-folders,files
 
The first command was successful
 
vserver security file-directory ntfs dacl add -ntfs-sd <SD-Name> -vserver <vServer-Name> -access-type allow -account "Domain\User_or_Group" -rights read -apply-tothis-folder
  • The Second command failed with the following error string: error: command failed: duplicate entry
    • The reason for the error is that you cannot add 2 different set of permissions in 1 Security Descriptor (SD) to the same object (user\group).

This ability exists from the Windows side in case of a need: Security Tab > Advanced

image00004.png

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support