topic Re: Setting NTFS ACL permission via the ONTAP PowerShell module in ONTAP Discussions

Setting NTFS ACL permission via the ONTAP PowerShell module

PwrShll — Wed, 04 Jun 2025 13:18:05 GMT

Hello,

How can I apply NTFS permissions using the ONTAP PowerShell module? I can't use Set-Acl because I can't pass credentials to it for automation.

When provisioning CIFS shares using the Add-NcCifsShare command, I can see ACL is included... usually the Everyone group since it's a new share. See below.

I can also see the permission I applied via the GUI in Windows show up using Get-NcFileDirectorySecurity and looking at the Acls property. What ONTAP command can I use to apply a AD group and say Read/Execute/List, and another AD group to Modify?

Re: Setting NTFS ACL permission via the ONTAP PowerShell module

GidonMarcus — Fri, 21 Sep 2018 00:22:25 GMT

Hi.

This is the ontap PS module way:

http://www.craig-tolley.co.uk/2016/02/09/assigning-permissions-to-a-volume-through-the-netapp-powershell-toolkit/

however i think that set-acl is the easier way i'm adding below a function i'm using in my provision script that elevate the permission with Invoke-Command. also - as you start with everyone/full control you acutely only need permission on the share to change the ACL with whatever user you running with (if' it's authenticating). so you can create the share with the default access list, apply NTFS ACL and then only changes the share access list as well.

use with:

Set-MyPermission -MyPath "\\filer\share\" -MyCred (get-credential)

Function Set-MyPermission
{
    [CmdletBinding()]
    param($MyPath,$MyCred)
    $MyPSSession = New-PSSession -Credential $MyCred 
    Invoke-Command -Session $MyPSSession -ArgumentList $MyPath -ScriptBlock `
    {
        param([string]$MyPath)
        try
        {
            $MyObjacl =  Get-ACL $MyPath
        }
        Catch
        {
            Write-Error -Category InvalidData -message  "Could not get current Folder ACL"
            return
        }
	try
	{
	    $MyAclRule = New-Object System.Security.AccessControl.FileSystemAccessRule(("RW_Group"),"Modify","ContainerInherit, ObjectInherit", "Allow", "Allow") 
	    $MyObjacl.AddAccessRule($MyAclRule)
	    #add more lines as above here
        }
        catch
        {
            Write-Error -Category InvalidData -message  "Failed to use one or more of the groups to create the ACE"
            return
        }
        try
        {
            Set-Acl $MyPath $MyObjacl
        }
        Catch
        {
            Write-Error -Category InvalidData -message "Failed apply the ACE on the folder"
            $MyObjacl
            return
        }
    }
    Remove-PSSession $MyPSSession
}

Gidi

Re: Setting NTFS ACL permission via the ONTAP PowerShell module

PwrShll — Tue, 09 Oct 2018 14:43:44 GMT

Thanks Gidi,

I am checking out that forum post...

What are the requirments for using Set-Acl? It requires credentails so does it need access to the mgmt, or svm? Sorry, I am not a NetApp guy.. just attempting to automate shares being created.

Thanks!

Mike