Search

Changing permissions on the root of a share removes inherited ACEs on that path
https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/Changing_permissions_on_the_root_of_a_share_removes_inherited_ACEs_on_that_path
When attempting to edit the permissions on the root of a share, the following error is displayed when the root is inheriting ACEs from its parent: Remotely setting permissions on a folder at the root ...When attempting to edit the permissions on the root of a share, the following error is displayed when the root is inheriting ACEs from its parent: Remotely setting permissions on a folder at the root of a share removes all inherited permissions from the root folder and all subfolders. If 'yes' is selected, all inherited ACEs on the root of the share and any ACEs inherited from the root of the share are removed
How can all directories for a vol/qtree be automatically owned by a certain group
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/How_can_all_directories_for_a_vol_qtree_be_automatically_owned_by_a_certain_group
setgid can be used for providing this behavior for a particular directory, but the desired behavior is to have all directories, regardless of parent directory receive the group in question as the grou...setgid can be used for providing this behavior for a particular directory, but the desired behavior is to have all directories, regardless of parent directory receive the group in question as the group owner There is no volume or qtree-level option for this, in general, though a similar behavior can be achived using NFSv4 ACLs, if that is acceptable in the desired scenario
NTFS permissions on a CIFS share are not taking effect on a specific user
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/NTFS_permissions_on_a_CIFS_share_are_not_taking_effect_on_a_specific_user
The user who is able to access the CIFS share even though ACL's don't allow access UNIX UID: pcuser <> Windows User: TEST\user1 (Windows Domain User) User is also a member of Everyone, Authenticated U...The user who is able to access the CIFS share even though ACL's don't allow access UNIX UID: pcuser <> Windows User: TEST\user1 (Windows Domain User) User is also a member of Everyone, Authenticated Users, and Network Users Permissions on the share also show no access for this user vserver security trace output for the user in question "Access is allowed because the operation is trusted and no security is configured while opening existing file or directory.
File created by CIFS users with an inherited NFSv4 ACL cannot be modified by the same user
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/File_created_by_CIFS_users_with_an_inherited_NFSv4_ACL_cannot_be_modified_by_the_same_user
Files with inherited NFSv4 ACL Unix security style volume When creating a new file in a directory with NFSv4 inherited ACLs, the user creating the file may not have permission to access the file. File...Files with inherited NFSv4 ACL Unix security style volume When creating a new file in a directory with NFSv4 inherited ACLs, the user creating the file may not have permission to access the file. Files created in windows using SMB showing as modebits 000 in linux: File Path: /vol1 File Inode Number: 64 Security Style: unix Effective Style: unix DOS Attributes in Text: ----D--- UNIX User Id: 0 UNIX Mode Bits: 000 UNIX Mode Bits in Text: - Linux users not able to access those files
XCP copy does not transfer ACL to pre-existing qtree
https://kb.netapp.com/on-prem/ontap/da/XCP/XCP-KBs/XCP_copy_does_not_transfer_ACL_to_pre-existing_qtree
Applies to ONTAP 9 XCP SMB Issue When migrating data through XCP SMB, if a qtree is pre-created under the target volume, the qtree itself will not inherit the Windows ACL information from the source v...Applies to ONTAP 9 XCP SMB Issue When migrating data through XCP SMB, if a qtree is pre-created under the target volume, the qtree itself will not inherit the Windows ACL information from the source volume Subsequent xcp sync will transfer the Windows ACL information for this qtree XCP command: C:\ > xcp copy -parallel 20 -acl -aclverify no \\source_cifs share path \\target_cifs share path Note: The target path does not include the qtree name
Unable to set ACLs for the CIFS share with an error "cannot determine whether the computer is joined to a domain"
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Unable_to_set_ACLs_for_the_CIFS_share_with_an_error_cannot_determine_whether_the_computer_is_joined_to_a_domain
Unable to set ACLs for the CIFS share using the Security tab on a Windows client with an error message: "The program cannot open the required dialog box because it cannot determine whether the compute...Unable to set ACLs for the CIFS share using the Security tab on a Windows client with an error message: "The program cannot open the required dialog box because it cannot determine whether the computer named “cifs -server” is joined to a domain. 00000024.0001e32b 02a31434 Thu Feb 04 2021 00:00:00 00:00 [kern_secd:info:12345] [ 13] Unable to connect to LDAP (Active Directory) service on AAAA.BBBB.CCC.com
What other options are there to apply NTFS ACLs if Windows Explorer is too slow?
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/What_other_options_are_there_to_apply_NTFS_ACLs_if_Windows_Explorer_is_too_slow
There are many different applications to apply NTFS ACLs(permissions) to a cifs share. How to Configure and apply file security on NTFS files and folders using the CLI SLAG applies the same ACLs to th...There are many different applications to apply NTFS ACLs(permissions) to a cifs share. How to Configure and apply file security on NTFS files and folders using the CLI SLAG applies the same ACLs to the whole volume or qtree where it was applied instantly. A common practice to speed up ACL propagation is to use multiple clients(for icacls), or multiple jobs(for file-directory apply) and have each client/job apply to a seperate data set.
What makes up an NFSv4 ACL
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/What_makes_up_an_NFSv4_ACL
Applies to ONTAP 9 Vserver configured with NFSv4 ACL Description The NFSv4 ACL is formatted into several parts, split by colons. type:flags:principal:permissions Example: A:g:users@nfsacl.local:rwadtT...Applies to ONTAP 9 Vserver configured with NFSv4 ACL Description The NFSv4 ACL is formatted into several parts, split by colons. type:flags:principal:permissions Example: A:g:users@nfsacl.local:rwadtTnNcCy
Verification across SQL Instances not possible
https://kb.netapp.com/data-mgmt/SnapCenter/SC_KBs/Verification_across_SQL_Instances_not_possible
When SCSQL scheduled verification job of multiple instances runs, it will randomly choose only one of the SQL instances configured to perform the verification. When Instance A needs to run the verific...When SCSQL scheduled verification job of multiple instances runs, it will randomly choose only one of the SQL instances configured to perform the verification. When Instance A needs to run the verification of Instance B, access denied errors are reported. ERROR SmSql_PID=[] TID=[] Unable to open the physical file "C:\scmnpt\mpdisk0001\\". Some file names listed could not be created. Error,,MSSQL$_,"FCB::Open failed: Could not open file C:\scmnpt\mpdisk0001\\ for file number 0.
Unable to set ACLs using the Security tab in Windows
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Unable_to_set_ACLs_using_the_Security_tab_in_Windows
An error is seen when attempting to set ACLs using the Security tab on a Windows client connecting via CIFS. Security style is mixed and Effective Style is unix on the file or directory ::>vserver sec...An error is seen when attempting to set ACLs using the Security tab on a Windows client connecting via CIFS. Security style is mixed and Effective Style is unix on the file or directory ::>vserver security file-directory> show -vserver vs1 -path /file1 -volume-name vs1rootvol Affected uiser is not part of the Administrators group Log in to the Domain Controller. Search for the user name and click the Member of tab to check the groups of which this user is a member.