ONTAP Discussions

Is there a way to apply two CIFS permissions at the same time and have them propagate downwards?

vijayang

Hi, 

 

We are trying to append file permissions on to our CIFS shares. We want to add a permission for a group of users with read only access and also add a permission for a group of users with write access. 


We use ONTAP APIs to do it and have created a Python script that would apply read-DL with read permission (with propagate enabled), get the Job_UUID from the cluster and store it in a DB, followed by applying write-DL with read+write permissions (with propagate enabled), getting the Job_UUID from the cluster and storing it in the same DB.

The issue we faced is: some of the subfolders and files had the read-DL permission applied, some had the write-DL permission applied, and some subfolders had both read-DL and write-DL permissions applied. Ideally the logic is to have both the read-DL and write-DL permissions applied for all subfolders and files underneath the parent share where we run the script (API calls).

 

One thing we noticed is that when we first apply the read-DL permissions (through the API), wait for it to complete and then execute the script for the write-DL permission, it works. All files and subfolders have both read-DL and write-DL permissions applied.

Is there a way we can apply read-DL permissions and write-DL permissions at the same time (in parallel) on files and folders?
Is this something the community has tried and implemented successfully?
Or are there any known caveats?

Is this an API issue or a known behaviour of how NTFS handles DACL inheritance/propagation?

Your help and pointers are highly appreciated.

 

2 REPLIES

BeckyLElliott

Are you trying to apply read and write to the same resource?

I haven’t worked with the ONTAP API, but I’ve used the NTFSSecurity module via PowerShell to collect, audit, and adjust NTFS permissions on SMB shares. I definitely recommend it.

It’s not a built-in PowerShell module. It needs to be installed or copied out to the $PSModulePath. 
https://ntfssecurity.readthedocs.io/en/latest/

vijayang
Thanks for the reply,

With the NTFSSecurity module, were you able to apply two different permissions on the same path and have them propagate downwards?
What we are trying to do is simple.

For a particular folder, we’d apply “dl-read” and “dl-X” permissions at the same time and have them propagate to the files and subfolders underneath it.
Any user who is a part of “dl-read” will have read access and any user who is a part of “dl-X” will have read, write, modify access.

We tried it using APIs.
It works when we first apply the dl-read permission and wait for a while for this propagation to complete. Then, when we apply dl-X, it propagates as expected.
But when we try applying them simultaneously (without having to wait for dl-read to complete the propagation), some files have only dl-read and some have dl-X permissions.

Ideally every single file should have both the permissions set.

It would be nice if there were documentation on how this can be achieved using PowerShell or any other tool.

I suspect we might be running into an ACL race issue when using the APIs.
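
The sequencing this thread reports as working (apply one group's permission, wait for its propagation job to finish, then apply the next) together with an audit that every path ended up with both groups, as an added example that is not part of the original posts and not NetApp code. `submit` and `get_state` are hypothetical callables wrapping whatever API calls the script already makes; the job state names and `FakeCluster` are assumptions constructed for the demonstration.

```python
import time

TERMINAL = {"success", "failure"}  # assumed terminal job state names

def wait_for_job(get_state, job_uuid, timeout=3600, interval=5, sleep=time.sleep):
    """Poll get_state(job_uuid) until the job is terminal; return that state."""
    waited = 0
    while (state := get_state(job_uuid)) not in TERMINAL:
        if waited >= timeout:
            raise TimeoutError(f"job {job_uuid} still {state} after {waited}s")
        sleep(interval)
        waited += interval
    return state

def apply_serialized(submit, get_state, path, groups, **wait_kw):
    """Add one group's ACE at a time; start the next only after the previous job succeeded."""
    finished = []
    for group in groups:
        job_uuid = submit(path, group)  # hypothetical wrapper around the ACL API call
        state = wait_for_job(get_state, job_uuid, **wait_kw)
        if state != "success":
            raise RuntimeError(f"{group}: job {job_uuid} ended in {state}; stopping")
        finished.append((group, job_uuid))
    return finished

def missing_aces(tree_acls, required):
    """Audit: map each path to the required groups that are absent from its ACL."""
    gaps = {p: sorted(set(required) - set(acl)) for p, acl in tree_acls.items()}
    return {p: g for p, g in gaps.items() if g}

class FakeCluster:
    """Constructed stand-in: each job takes 3 polls; counts jobs submitted during another."""
    def __init__(self, paths):
        self.acls = {p: [] for p in paths}
        self.jobs, self.overlaps = {}, 0
    def submit(self, path, group):
        self.overlaps += sum(j["polls"] > 0 for j in self.jobs.values())
        uuid = f"job-{len(self.jobs) + 1}"
        self.jobs[uuid] = {"group": group, "polls": 3}
        return uuid
    def get_state(self, uuid):
        job = self.jobs[uuid]
        if job["polls"] > 0:
            job["polls"] -= 1
            if job["polls"] == 0:  # propagation finished: every path gets the ACE
                for acl in self.acls.values():
                    acl.append(job["group"])
        return "running" if job["polls"] else "success"
```

Running `missing_aces` over a listing of the real tree after both jobs finish gives a direct check for paths that ended up with only one of the two groups.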