7MTT Precheck 20504 - Share-level ACLs for UNIX users or groups

Applies to

7-Mode Transition Tool (7MTT)

Description

The 7-Mode Transition Tool (7MTT) does not support the transition of an Access Control List (ACL) at the level of CIFS shares for UNIX users and groups.

Precheck 20504: The following CIFS shares have share-level ACLs set for UNIX users or groups.

How does this feature work on Data ONTAP 7-Mode?
When you create a CIFS share, Data ONTAP creates a default ACL for the share with full control permissions. To manage CIFS share ACLs, run the cifs access command:
fas2220cl1-ams1*> cifs access
 
Usage:
         cifs access <share> [-g] <user|group> <rights>
         cifs access <share> -m
         cifs access -delete <share> [-g] <user|group>
         cifs access -delete <share> -m
                 rights can be Unix-style combinations of r w x -
                 or NT-style "No Access", "Read", "Change", and "Full Control"

How does this feature work on clustered Data ONTAP?
A share-level ACL consists of a list of Access Control Entries (ACEs). Each ACE contains a user or group name and a set of permissions that determine user or group access to the share, regardless of the security style of the volume or qtree containing the share.

Setting up file access using SMB: When an SMB user attempts to access a share, Data ONTAP always checks the share-level ACL to determine whether access should be granted.

Risk: An ACL is a list of ACEs. Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee. An ACL is created for secure access to data, and any flaws can result in a data compromise.