2016-02-17 12:56 PM
Solved! SEE THE SOLUTION
2016-02-17 04:38 PM - last edited on 2016-02-17 04:46 PM by allison
Please see the following KB article:
The default CIFS share ACL will be set to "Everyone - Full Control" however you should then restrict the NTFS permissions to each users home directory (sub folder within volume\qtree) to their individual Active Directory user account (and I'd recommend including an administrative group in the NTFS permissions for the purpose of data restores).Also keep in mind that the default permissions the FlexVol will be everyone - Full Control so I'd recommend restricting this to an administrative group before creating qtrees, CIFS Shares or copying any data to the volume.
As NTFS permissions are derived from the combination of the CIFS Share and NTFS permissions, the most restrictive configuration will apply. So assuming you set NTFS permissions appropriately on each users home directory folder this will prevent a user from accessing another users home directory (even if you leave the default CIFS Share ACL as "Everyone - Full Control").
It's also worth noting that if you want to grant users full control access to their home directory data then the CIFS Share ACL needs to be set to "full control", not "change" as setting it to "change" would limit the users effective NTFS permissions to Modify. If you want to change the default Share permissions to use something other than "Everyone" then consider applying the "Authenticated Users" or "Domain Users" group instead.
Please let me know if you have any questions?