Overland Storage SnapServer Administrator's Manual page 142

SnapServer 7.0 Administrator's Guide
Share Access Behaviors
Administrators tasked with devising security policies for the SnapServer will find the
following share access behaviors of interest:
• Share access defaults to full control – The default permission granted to users
and groups when they are granted access to the share is full control. You may restrict
selected users and groups to read-only access.
• User-based share access permissions are cumulative – An SMB, AFP, HTTP, or
FTP user's effective permissions for a resource are the sum of the permissions that
you assign to the individual user account and to all of the groups to which the user
belongs in the Share Access page. For example, if a user has read-only permission to
the share, but is also a member of a group that has been given full-access permission
to the share, the user gets full access to the share.
• NFS access permissions are not cumulative – An NFS user's access level is based
on the permission in the NFS access list that most specifically applies. For example, if
a user connects to a share over NFS from IP address 192.168.0.1, and the NFS access
for the share gives read-write access to * (All NFS clients) and read-only access to
192.168.0.1, the user will get read-only access.
• Interaction between share-level and file-level access permissions – When
both share-level and file-level permissions apply to a user action, the more restrictive
of the two applies. Consider the following examples:
10400317-001 10/2011
©2010-11 Overland Storage, Inc.
7 – Security Options
7-14