2009-08-07 09:40 AM
This looked to be the most relevant community to post this comment in - sorry if its not.
ONTAP 7.2 gave us the ablity to enable ABE (Access Based Enumeration) support at the share level (cifs shares) using an extended attribute of the share command. ABE appears to be gaining popularity in the Windows arena (in my business sector at least) because from an Information Security perspective it only shows users what they are entitled to access rather than everything in the directory (simplified here to make a point).
Is there anyway to make enabling ABE in my NetApp Filer environment easier? For example can all shares that get created have ABE enabled by default rather than having to set it at a per share level. Consider also that in large environments the people responsible for creating shares may be using the MMC and other Microsoft tools to manage shares and may not be logging into ONTAP to run the CIFS SHARES command as ONTAP access is limited to the storage administration team.
Is anyone looking at this, thinking about it or seeing the same challenges in their environment?
2012-06-20 12:42 AM
Obviously this is an old post, however to turn on ABE on all shares you can use:
cifs shares -change * -accessbasedenum
ABE will not be enabled by default on all new shares created, but it will be enabled for any existing share.