Managing acls or slps on a cifs share – Dell PowerVault NX3500 User Manual

9. Click Other users or groups.

The Select User or Group dialog box appears.

10. Choose the domain admin user account that is used to set ACLs for this CIFS share or choose the

Domain Adminsgroup. Alternatively, the FluidFS cluster Administrator account can be used.

11. Click OK.
12. Select Replace owner on subcontainers and objects and click OK.
13. After the owner is set, unmap the network drive.
14. Remap the network drive as the account that has ownership of it, as set in step (10).
15. Click the Permissions tab of the Advanced Security Settings dialog box and follow Microsoft best

practices to assign ACL permissions for users and groups to the CIFS share.

16. Click OK.

Managing ACLs or SLPs on a CIFS Share

The FluidFS cluster supports two levels of access control to CIFS shares, files, and folders:

• Access Control Lists (ACLs): Governs access to specific files and folders. The administrator can

control a wide range of operations that users and groups can perform.

• Share Level Permissions (SLPs): Governs access to entire shares. The administrator controls only read,

change, or full access to an entire share.

SLPs are limited as they only address full control, modify, and read rights for any given user or group at
the CIFS share level. ACLs offer a finer level of control, and can control many more operations than only
read/change/full access. It is recommended to leave the default setting for SLP (everyone has full control)
and use ACLs to control access to the CIFS share, unless there is a specific requirement for SLPs that
cannot be accomplished using ACLs.
Dell recommends that a Windows administrator follows the best practices defined by Microsoft for ACLs
and SLPs.

NOTE: Do not create both ACL

‐type permissions and SLPs for the same CIFS share.

NOTE: Do not attempt to create a CIFS share using MMC. Use MMC only to set SLPs.

Setting ACLs on a CIFS Share

To set ACLs, use Windows Explorer procedures. When defining an ACL for a local user account, you must
use the format: <client_VIP_or_name>\<local_user_name>.

Setting SLPs on a CIFS Share

If the FluidFS cluster is not joined to Active Directory, use the Administrator account to change the owner

of a CIFS share. These steps might vary slightly depending on which version of Windows you are using.
To set SLPs, you must use the Microsoft Management Console (MMC) with the Shared Folder snap

‐in to

set permissions. Administrators can use a predefined MMC file (.msc) from the Windows Server
2000/2003/2008 start menu and add a Shared Folder snap

‐in to connect to the FluidFS cluster. The MMC

does not let you choose which user to connect with a remote computer. By default, it forms the
connection through the user logged on to the machine. To connect through a different user:

• If the FluidFS cluster that you are trying to manage is joined to an Active Directory, log in to the

management station with <domain>\Administrator.

• Before using MMC, connect to the FluidFS cluster by using the client VIP address in the address bar of

Windows Explorer. Log in with the administrator account and then connect to MMC.

103