Network Storage Protocols Discussions

Creator/Owner Permissions


Hi everybody,

i have a question regarding the Creator/Owner permissions on a CIFS Share. We have several Shares on a FAS3140. Permissions on the share is everyone full control. On the Filesystem we have Full Control only for the Admistrator Group of the Filer and different read or change permissions to Domain Groups to the directory structure on the root level of the share. Permissions for subdirectories / files are inherited. Now we have the following problem. Per default the creator/owner of a file or directory has full control to it, that means if a user is creating a file or a directory he is able to modify the permissions of it, what we do not want. In Windows 2008 there is a new security principal called "OWNER RIGHTS" where this problem can be adressed (the process is described here: .

My question is, is this also possible with a netapp filer ? Somebody solved that problem somehow and could guide me in the right direction ?

Thx and Best Regards




Good question. Have you tested whether setting of this ACE has any effect?


I could be wrong and I haven't done this very often, but I think all you need to do is to use the "CREATOR OWNER" principal and don't assign "change permissions" rights. I know this is supported by NetApp's CIFS implementation. You should test this to make sure it's doing what you want.



Message was edited by: Richard Harwood Don't confuse principal and principle!


Hi everybody,

thanks for the answers. I will definetely try out the CREATOR OWNER permission. I was not aware that this is possible in the netapp cifs implementation.


i tested a few things. Permissions on the CREATOR OWNER principal you can only set inside FilerView on the Share. If i try that with the explorer i get an Object not found error. If i set permissions on the share for everyone to full control and CREATOR OWNER to change, then there is no effect at all. Users can acces the share as before and the creators of files/directories are able to change permissions. If i set the permissions on the share for everyone to change, then the creators of files / directories are not able to change permissions anymore, this applies to old and to new files / directories. So i guess this is the way to go for me.



NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner