How to apply NTFS permissions on a directory where inherited and non-inherited permissions differ for the same user or group via PST
Applies to
- ONTAP 9
- ONTAP PowerShell Toolkit (PST)
- NTFS Security Descriptor (SD) \ Discretionary Access Control List (DACL) \ Access Control List (ACL)
Description
- NTFS ACL permissions can be applied to these objects:
  - Current folder
  - Subfolders
  - Files
- You can apply NTFS ACLs to all three; however, it is not possible to apply different sets of permissions for the same user or group.
- For example, the first command is successful:
Add-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor <security descriptor name> -VserverContext <vserver name> -AccessType allow -Account "domain\user or group" -Rights modify -ApplyTo sub_folders,files
- The second command is not successful; it fails with the event "Add-NcFileDirectorySecurityNtfsDacl: duplicate entry":
Add-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor <security descriptor name> -VserverContext <vserver name> -AccessType allow -Account "domain\user or group" -Rights read -ApplyTo this_folder
- The failure occurs because you cannot add two different sets of permissions in one Security Descriptor (SD) for the same object (user\group).
- If needed, this can be done from the Windows side: "Security tab > Advanced".
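A pre-flight check for the limitation described above, as an added example that is not part of the original article or the PST: it scans a planned list of DACL entries and reports any account that appears more than once in the same security descriptor, so the "duplicate entry" failure is caught before a partially built SD is applied. The helper name Find-NtfsDaclCollision, the security descriptor names and the accounts are hypothetical; the check makes no ONTAP calls.

```powershell
# Constructed sample plan: each row is one intended
# Add-NcFileDirectorySecurityNtfsDacl call (names are placeholders).
$plan = @(
    [pscustomobject]@{ SecurityDescriptor = 'sd_projects'; Account = 'EXAMPLE\eng'; Rights = 'modify'; ApplyTo = 'sub_folders,files' }
    [pscustomobject]@{ SecurityDescriptor = 'sd_projects'; Account = 'example\ENG'; Rights = 'read';   ApplyTo = 'this_folder' }
    [pscustomobject]@{ SecurityDescriptor = 'sd_projects'; Account = 'EXAMPLE\ops'; Rights = 'read';   ApplyTo = 'this_folder,sub_folders,files' }
    [pscustomobject]@{ SecurityDescriptor = 'sd_archive';  Account = 'EXAMPLE\eng'; Rights = 'read';   ApplyTo = 'this_folder' }
)

# Hypothetical helper, not a PST cmdlet.
# Follows the article's statement: one account may appear only once per SD.
# Whether -AccessType distinguishes entries is not covered by the article,
# so it is deliberately left out of the key.
function Find-NtfsDaclCollision {
    param([Parameter(Mandatory)][object[]]$Plan)

    $Plan |
        Group-Object -Property {
            # Account names are compared case-insensitively.
            '{0}|{1}' -f $_.SecurityDescriptor.ToLowerInvariant(),
                         $_.Account.ToLowerInvariant()
        } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SecurityDescriptor = $_.Group[0].SecurityDescriptor
                Account            = $_.Group[0].Account
                Entries            = @($_.Group | ForEach-Object {
                                         '{0} -> {1}' -f $_.Rights, $_.ApplyTo
                                     })
            }
        }
}

$collisions = @(Find-NtfsDaclCollision -Plan $plan)
if ($collisions.Count -gt 0) {
    foreach ($c in $collisions) {
        Write-Warning ("{0} in {1} has {2} planned entries: {3}" -f `
            $c.Account, $c.SecurityDescriptor, $c.Entries.Count, ($c.Entries -join '; '))
    }
} else {
    Write-Output 'No account appears twice in the same security descriptor.'
}
```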