Skip to main content
NetApp Knowledge Base

7MTT Precheck 20504 - Share-level ACLs for UNIX users or groups

Last Updated:

Applies to

7-Mode Transition Tool (7MTT)


The 7-Mode Transition Tool (7MTT) does not support the transition of an Access Control List (ACL) at the level of CIFS shares for UNIX users and groups.

Precheck 20504: The following CIFS shares have share-level ACLs set for UNIX users or groups.

How does this feature work on Data ONTAP 7-Mode?
When you create a CIFS share, Data ONTAP creates a default ACL for the share with full control permissions. To manage CIFS share ACLs, run the cifs access command:
fas2220cl1-ams1*> cifs access
         cifs access <share> [-g] <user|group> <rights>
         cifs access <share> -m
         cifs access -delete <share> [-g] <user|group>
         cifs access -delete <share> -m
                 rights can be Unix-style combinations of r w x -
                 or NT-style "No Access", "Read", "Change", and "Full Control"

How does this feature work on clustered Data ONTAP?
A share-level ACL consists of a list of Access Control Entries (ACEs). Each ACE contains a user or group name and a set of permissions that determine user or group access to the share, regardless of the security style of the volume or qtree containing the share.

Setting up file access using SMB: When an SMB user attempts to access a share, Data ONTAP always checks the share-level ACL to determine whether access should be granted.

Risk: An ACL is a list of ACEs. Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee. An ACL is created for secure access to data, and any flaws can result in a data compromise.


Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.
Scan to view the article on your device