Sure thing, if you look at the output below, the vserver cifs share command shows the share level permission on NetApp, so only Domain Admins have access. When you look at the vserver security output, it shows the Windows DACL which still has Everyone listed, so if I go into the properties in Windows it will look like Everyone has access. Like I said though this is really asthetic or so I wouldn't have to explain this for an audit or anything as the permissions work the way they should on the NetApp. Is there a way to have the permissions on NetApp propogate so they are in sync on the Windows DACL as well?
SAN::> vserver cifs share access-control show -share Test
Share User/Group User/Group Access
Vserver Name Name Type Permission
-------------- ----------- --------------------------- ----------- -----------
svm01 Test Domain Admins windows Full_Control
SAN::> vserver security file-directory show -vserver svm01 -path /Test
Vserver: svm01
File Path: /Test
File Inode Number: 64
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8004
Owner:BUILTIN\Administrators
Group:BUILTIN\Administrators
DACL - ACEs
ALLOW-Everyone-0x1f01ff
ALLOW-Everyone-0x10000000-OI|CI|IO