How to apply NTFS permissions on a directory where inherited and non-inherited permissions differ for the same user or group
Applies to
ONTAP 9
Description
WARNING
|
- NTFS ACLs permissions can be applied to these objects:
- Current Folder
- Subfolders
- Files
- You can apply NTFS ACLs to all three, however it is not possible to apply different sets of permissions for the same user
For example:
vserver security file-directory ntfs dacl add -ntfs-sd <SD-Name> -vserver <vServer-Name> -access-type allow -account "Domain\User_or_Group" -rights modify -apply-to sub-folders,files
- The first command was successful
vserver security file-directory ntfs dacl add -ntfs-sd <SD-Name> -vserver <vServer-Name> -access-type allow -account "Domain\User_or_Group" -rights read -apply-to this-folder
- The Second command failed with the following error string: error: command failed: duplicate entry
- The reason for the error is that you cannot add 2 different set of permissions in 1 Security Descriptor (SD) to the same object (user\group).
- This ability exists from the Windows side in case of a need: Security Tab > Advanced