Does volume snapmirror replicate access privilege to the destination volume?
Applies to
- ONTAP 9
- SVM-DR
- SnapMirror
- Access Control List (ACL)
Answer
File ACLs are replicated to the SnapMirror destination along with the files. However, volume-level SnapMirror does not replicate share-level configurations, which are part of the data SVM configuration.
Notes:
- ACLs control access to files, while share-level configurations provide NAS protocol access for shared files.
- To replicate share-level configurations, refer to Replicate an entire SVM configuration.
- There is no way to exclude file ACLs during SnapMirror replication.
- When SnapMirror replicates data between SVMs in different domains, the NTFS ACLs are copied as-is, including the SIDs. If the destination SVM cannot resolve the SIDs to user or group names (because it is joined to a different domain), the ACLs are displayed using the SID format. However, the underlying SID values are not corrupted or lost.
Additional Information
- What does volume level snapmirror replicate?
- Is it possible to replicate the data without the ACL's in SnapMirror?
- How to Create CIFS Share with SnapMirror Destination Volume
- Create SMB share access control lists
- Configure NTFS file permissions using the ONTAP CLI
- Configurations replicated in SVM disaster recovery relationships
- How to apply the source share ACL's to the Destination shares?
- SnapMirror configuration and best practices guide for ONTAP 9