Defining Access Control Lists; Integrating Local File System Security Into Windows Domain Environments - Tandberg Data NAS Hardware Viking FS-1500 Administration Manual

Tandberg Data Folder & Share Management
__________________________________________________________________________________________________

6.3.2. Defining Access Control Lists

The Access Control List (ACL) contains the information that dictates which
users and groups have access to a share, as well as the type of access that
is permitted. Each share on an NTFS file system has one ACL with multiple
associated user permissions. For example, an ACL can define that User1
has read and write access to a share, User2 has read only access, and
User3 has no access to the share. The ACL also includes group access
information that applies to every user in a configured group. ACLs are also
referred to as permissions.
6.3.3. Integrating Local File System Security into Windows
Domain Environments
ACLs include properties specific to users and groups from a particular
workgroup server or domain environment. In a multidomain environment,
user and group permissions from several domains can apply to files stored
on the same device. Users and groups local to the NAS appliance can be
given access permissions to shares managed by the device. The domain
name of the NAS appliance supplies the context in which the user or group
is understood. Permission configuration depends on the network and domain
infrastructure where the server resides.
File-sharing protocols (except NFS) supply a user and group context for all
connections over the network. (NFS supplies a machine based context.)
When new files are created by those users or machines, the appropriate
ACLs are applied.
Configuration tools provide the ability to share permissions out to clients.
These shared permissions are propagated into a file system ACL and when
new files are created over the network, the user creating the file becomes
the file owner. In cases where a specific subdirectory of a share has different
permissions from the share itself, the NTFS permissions on the subdirectory
apply instead. This method results in a hierarchical security model where the
network protocol permissions and the file permissions work together to
provide appropriate security for shares on the device.
Note
Share permissions and file level permissions are implemented separately. It is
possible for files on a file system to have different permissions from those applied to
a share. When this situation occurs, the file level permissions override the share
permissions.
6-10 Tandberg Viking Series Storage Server Administration Manual