What are the differences between NTFS and Share permissions?
Applies to
- ONTAP 9
- CIFS
Answer
NTFS Folder/File permissions differ from Share permissions in several ways.
- Share permissions are set on the Common Internet File System Protocol (CIFS) share.
- These are configured on the filer and apply only to users accessing the CIFS share via the network.
- Share permissions are configured by the storage device's administrator.
- They are independent of the NTFS Folder/File-level permissions.
- NTFS Folder/File-level permissions are set on the individual files and folders stored on the NetApp filer (or any CIFS-capable storage device).
- These permissions can be set by the owner of the folder/file or by the Windows administrator.
- These permissions can be applied to either users or groups.
- The permissions are cumulative, in that permissions specified at the user and at the group level are both considered when verifying access.
- The most restrictive permissions apply.
- When a user requests access to a folder/file on a CIFS share, the share permissions are checked first.
- If the user has access based on the share-level permissions, the folder/file level NTFS permissions are then checked.
- If the user has access, the file/folder data is provided to the user.
- It is a best practice to have NTFS Folder/File level permissions be more restrictive than share-level permissions.
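The check order described above, modeled as an added example (this is not NetApp's code or ONTAP's implementation). It assumes allow-only entries, a simplified set of rights, and hypothetical user and group names; real ACLs also carry deny entries and finer-grained rights.

```python
from enum import IntFlag

class Right(IntFlag):
    NONE = 0
    READ = 1
    WRITE = 2
    CHANGE_PERMS = 4
    FULL = 7  # READ | WRITE | CHANGE_PERMS

def granted(acl, user, groups):
    """Cumulative rights: OR the entries for the user and each of their groups."""
    rights = Right.NONE
    for principal in (user, *groups):
        rights |= acl.get(principal, Right.NONE)
    return rights

def effective_access(share_acl, ntfs_acl, user, groups):
    """Return (rights, stage); stage is the check that decided the outcome."""
    share = granted(share_acl, user, groups)
    if share == Right.NONE:
        return Right.NONE, "share"   # refused at the share; NTFS is never checked
    ntfs = granted(ntfs_acl, user, groups)
    return share & ntfs, "ntfs"      # the more restrictive layer wins

# Constructed sample ACLs (principal -> allowed rights).
OPEN_SHARE = {"Everyone": Right.FULL}
NARROW_SHARE = {"finance": Right.READ}
NTFS_ACL = {"alice": Right.READ, "finance": Right.READ | Right.WRITE}

if __name__ == "__main__":
    cases = [
        (OPEN_SHARE, "alice", ["Everyone", "finance"]),
        (OPEN_SHARE, "bob", ["Everyone"]),
        (NARROW_SHARE, "alice", ["Everyone", "finance"]),
        (NARROW_SHARE, "bob", ["Everyone"]),
    ]
    for share_acl, user, groups in cases:
        rights, stage = effective_access(share_acl, NTFS_ACL, user, groups)
        print(f"{user}: {rights!r} (decided at {stage} check)")
```

With the open share, the NTFS ACL alone decides what each user gets; with the narrow share, a user holding write access in NTFS is still limited to read over the network.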