Everyone ~ Full Control at the share level isn't always a bad idea as long as you put proper controls on your files at the NTFS level. It avoids the issue of clashing permissions. But it really depends on what you are trying to accomplish. Share permissions can serve a good purpose if they accomplish what you want.
It's always like Chevy vs. Ford when I have this conversation with customers. Whatever the customer is comfortable with ... we'll let you do what you want.. share vs. file ... I tend to see more everyone shares than not though in several years of working with NetApp at customers... and agree completely it is harder to troubleshoot when share and file permissions are fighting... One reason I can see locking down at the share is if Access Based Enumeration is or is going to be implemented.
All our shares are full control. All the security is set on ntfs. Works great, is easy to maintain and very easy for trouble shooting. But indeed, you must choose the model that's fits your company (and your administrators )
my recommendations is that to aviod or please dont put everyone full cifs/netapp level permission on your filers specially when your filer is in a heterogenous environment with NFS & CIFS or a multiprotocol filer (uses CIFS and NFS).. you can read more on http://media.netapp.com/documents/wp_3014.pdf (chapters 3 & 4)
for me the better way to replace the everyone full permisison is with NT AUTHORITY\Authenticated Users probably with change permission not with full..then implement a Active Directory Domain User grouping and add the group in the CIFS Level permission and create another group for security level permission.
CIFS/NetApp level permission
Filer01> cifs shares Test
Test /vol/v_vol01/test ADDomain\test_ms / Change ADDomain\test_rs / Read
In security level permssion
-- ADDomain\test_ms -- with modify permission
-- ADDomain\test_ms-- with read& execute permission
this will make sure that only the users who are member in the group can access in the share drive Test.. this is also good when you have a security audit..