multiple permissions for same trustee - how to realize with powershell

Tim_Stiller

Hi all,

 

I got a question from a customer which I'd like to discuss here:

 

$tmpSDID  = "sd01"
$tmpPolID = "pol01"

# AAAAA
# create new SD with temp-ID
$sd = New-NcFileDirectorySecurityNtfs -SecurityDescriptor $tmpSDID

# remove default entries from SD-DACL
# defaults are for Creator/Owner; nt auth/SYSTEM, builtin\administrators and builtin\users, all with full-control
Get-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor $tmpSDID | Remove-NcFileDirectorySecurityNtfsDacl

# BBBBBB
# add permissions to DACL of the SD
$ace1 = Add-NcFileDirectorySecurityNtfsDacl -Account $g1 -SecurityDescriptor $tmpSDID -AccessType allow -Rights full_control -ApplyTo this_folder, sub_folders, files
$ace2 = Add-NcFileDirectorySecurityNtfsDacl -Account $g2 -SecurityDescriptor $tmpSDID -AccessType allow -Rights full_control -ApplyTo this_folder, sub_folders, files
$ace3 = Add-NcFileDirectorySecurityNtfsDacl -Account $g3 -SecurityDescriptor $tmpSDID -AccessType allow -Rights full_control -ApplyTo this_folder, sub_folders, files

# CCCCCCCCC
# create policy task
$poltsk = Add-NcFileDirectorySecurityPolicyTask -Name $tmpPolID -SecurityType ntfs -NtfsSecurityDescriptor $tmpSDID -Path $Path

# apply policy task
$r = Set-NcFileDirectorySecurity -Name $tmpPolID

# Cleanup of policy task and descriptors, wait 5 seconds to let the netapp digest...
Start-Sleep -Seconds 5
Remove-NcFileDirectorySecurityPolicy -Name $tmpPolID
Remove-NcFileDirectorySecurityNtfs -Name $tmpSDID

Everything is fine till here. But the customer asks how to assign multiple permissions to the same trustee, which should work as follows:

$ace1 = Add-NcFileDirectorySecurityNtfsDacl -Account $g1 -SecurityDescriptor $tmpSDID -AccessType allow -Rights read -ApplyTo this_folder
$ace2 = Add-NcFileDirectorySecurityNtfsDacl -Account $g1 -SecurityDescriptor $tmpSDID -AccessType allow -Rights full_control -ApplyTo sub_folders, files

But according to the customer this throws an error because of duplicate entries.

 

In a pure Windows PowerShell environment the customer would handle it like this:

$ACL = Get-Acl $Path
# Rule 1: overwrite existing permissions of $Trustee with new ones
$ar = New-Object system.security.accesscontrol.filesystemaccessrule($Trustee,$Permission,$inhCIOI,$propNone,"Allow")
$ACL.SetAccessRule($ar)

# Rule 2: add additional permissions to $Trustee
$ar = New-Object system.security.accesscontrol.filesystemaccessrule($Trustee,$anderePermission,$inhCIOI,$andereProp,"Allow")
$ACL.AddAccessRule($ar)
Set-Acl -Path $Path -AclObject $ACL

 

How can we achieve the same with our Powershell SDK?

 

Any input is appreciated!

 

Thanks

Tim
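
The Windows-side pattern from the post above, completed as an added example (it is not part of the original post and does not use the NetApp PowerShell Toolkit). It sets "read on this folder only" plus "full control on subfolders and files only" for one trustee and then checks that two explicit ACEs result. The temp directory and the BUILTIN\Users SID are assumptions standing in for the customer's $Path and $Trustee.

```powershell
# Added illustration, Windows only. Assumptions: a throw-away directory under
# $env:TEMP replaces $Path, and the well-known BUILTIN\Users SID replaces $Trustee.
$Path = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $Path | Out-Null
$Trustee = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'

# "this_folder" only: no inheritance flags, no propagation flags
$inhNone  = [System.Security.AccessControl.InheritanceFlags]::None
$propNone = [System.Security.AccessControl.PropagationFlags]::None
# "sub_folders, files" only: inherit to containers and objects, InheritOnly
$inhCIOI  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propIO   = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$read  = [System.Security.AccessControl.FileSystemRights]::Read
$full  = [System.Security.AccessControl.FileSystemRights]::FullControl
$allow = [System.Security.AccessControl.AccessControlType]::Allow

$ACL = Get-Acl -Path $Path

# Rule 1: SetAccessRule replaces the trustee's existing explicit allow ACEs
$rule1 = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Trustee, $read, $inhNone, $propNone, $allow)
$ACL.SetAccessRule($rule1)

# Rule 2: AddAccessRule keeps rule 1; the differing inheritance/propagation
# flags mean it is stored as a second ACE instead of being merged
$rule2 = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Trustee, $full, $inhCIOI, $propIO, $allow)
$ACL.AddAccessRule($rule2)
Set-Acl -Path $Path -AclObject $ACL

# Verify: list only explicit (non-inherited) ACEs for the trustee, by SID
$explicit = @((Get-Acl -Path $Path).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $Trustee.Value })
$explicit | Format-Table FileSystemRights, InheritanceFlags, PropagationFlags, AccessControlType
if ($explicit.Count -ne 2) {
    Write-Warning "Expected 2 explicit ACEs for the trustee, found $($explicit.Count)"
}

Remove-Item -Path $Path -Recurse -Force
```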


GidonMarcus

Tim_Stiller

What is the way to get this fixed? Create a case although PSTK is only under community-support?

GidonMarcus

I'm afraid I don't know - I'm myself a customer. I expect that if it's a reproducible issue it will qualify for a case and a burt. Hence I also provided the links to help "building" the case.

 

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK