Unable to reassign ownership of files in CIFS share due to SeRestorePrivilege missing
Applies to
- ONTAP 9
- Microsoft Windows
- RoboCopy
- Windows PowerShell
Issue
- Unable to reassign ownership or change ownership of files within a CIFS share.
- The client may report one of these errors:
An error occurred while applying security information to: <path to share> The security ID may not be assigned as the owner of this object.
Unable to set new owner on <folder name>. You do not have the Restore privilege required to set this user/group as owner.
ERROR 1307 (0x0000051B) Copying NTFS Security to Destination Directory. This security ID may not be assigned as the owner of this object.
- User has no SeRestorePrivilege assigned
::*> vserver services access-check authentication show-creds -node cluster1-01 -vserver svm1 -win-name DOMAIN\Administrator
UNIX UID: root <> Windows User: DOMAIN\Administrator (Windows Domain User)
GID: daemon
Supplementary GIDs:
daemon
Primary Group SID: DOMAIN\Domain Users (Windows Domain group)
Windows Membership:
DOMAIN\Group Policy Creator Owners (Windows Domain group)
DOMAIN\Domain Admins (Windows Domain group)
DOMAIN\Domain Users (Windows Domain group)
DOMAIN\Schema Admins (Windows Domain group)
DOMAIN\Enterprise Admins (Windows Domain group)
DOMAIN\Denied RODC Password Replication Group (Windows Alias)
Service asserted identity (Windows Well known group)
BUILTIN\Administrators (Windows Alias)
BUILTIN\Users (Windows Alias)
User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x22b7):
SeBackupPrivilege
SeTakeOwnershipPrivilege
SeSecurityPrivilege
SeChangeNotifyPrivilege
Note: The vserver services access-check authentication show-creds
command is available in the advanced privilege level starting in ONTAP 9.4. On prior releases, use the diag secd authentication show-creds
command at the diagnostics privilege level.