NetApp assigning local groups to Share permissions

JLUCAS_PLUMCHOICE · ‎2014-05-12

Hey all,

We're having an issue where our NetApp seems to be assigning CIFS share permissions to our shared folders based on the groups on the NetApp. In the past, we would create a share and leave the NTFS permissions to Everyone R/W/X, and then control access based on the CIFS Permissions. Recently, it has been brought to our attention that the shares are starting to have groups added to them which were no assigned by any of our admins. These groups are FAS02\Administrators and FAS02\Users. These are groups local to the NetApp which contain Domain Admins and Domain Users, respectively. While these groups existing aren't an issue, the security permissions they are applying are. We aren't able to find where they are inheriting these permissions from or how to change them on a share-by-share basis. Also, as we haven't applied these groups directly to any of our shares, we aren't sure how they are just showing up.

Does anyone have any insight into this issue?

Currently, we are managing only with System Manager, not CLI.

-JD

waldrop · ‎2014-05-15

I have not heard of this before, are you saying that the shares immediately upon creation are reflecting these (2) additional groups without you having to do anything? also, is this a Data ONTAP 7-Mode or Clustered Data ONTAP setup? Share permissions are not something it would necessarily inherit.

JLUCAS_PLUMCHOICE · ‎2014-05-15

The groups don't seem to show up immediately after creation, but seem to show up at random. Some new shares have them within a few hours, and some older shares still don't, and everything in between.

We are a Data ONTAP 7-Mode setup.

-JD