Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Setting NTFS ACL permission via the ONTAP PowerShell module
2018-09-19
12:13 PM
6,041 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
How can I apply NTFS permissions using the ONTAP PowerShell module? I can't use Set-Acl because I can't pass credentials to it for automation.
When provisioning CIFS shares using the Add-NcCifsShare command, I can see ACL is included... usually the Everyone group since it's a new share. See below.
I can also see the permission I applied via the GUI in Windows show up using Get-NcFileDirectorySecurity and looking at the Acls property. What ONTAP command can I use to apply a AD group and say Read/Execute/List, and another AD group to Modify?
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi.
This is the ontap PS module way:
however i think that set-acl is the easier way i'm adding below a function i'm using in my provision script that elevate the permission with Invoke-Command. also - as you start with everyone/full control you acutely only need permission on the share to change the ACL with whatever user you running with (if' it's authenticating). so you can create the share with the default access list, apply NTFS ACL and then only changes the share access list as well.
use with:
Set-MyPermission -MyPath "\\filer\share\" -MyCred (get-credential)
Function Set-MyPermission { [CmdletBinding()] param($MyPath,$MyCred) $MyPSSession = New-PSSession -Credential $MyCred Invoke-Command -Session $MyPSSession -ArgumentList $MyPath -ScriptBlock ` { param([string]$MyPath) try { $MyObjacl = Get-ACL $MyPath } Catch { Write-Error -Category InvalidData -message "Could not get current Folder ACL" return } try { $MyAclRule = New-Object System.Security.AccessControl.FileSystemAccessRule(("RW_Group"),"Modify","ContainerInherit, ObjectInherit", "Allow", "Allow") $MyObjacl.AddAccessRule($MyAclRule) #add more lines as above here } catch { Write-Error -Category InvalidData -message "Failed to use one or more of the groups to create the ACE" return } try { Set-Acl $MyPath $MyObjacl } Catch { Write-Error -Category InvalidData -message "Failed apply the ACE on the folder" $MyObjacl return } } Remove-PSSession $MyPSSession }
Gidi
Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Gidi,
I am checking out that forum post...
What are the requirments for using Set-Acl? It requires credentails so does it need access to the mgmt, or svm? Sorry, I am not a NetApp guy.. just attempting to automate shares being created.
Thanks!
Mike
![](/skins/images/B38C252077B5AFBEEB101AABF3DD2460/responsive_peak/images/icon_anonymous_message.png)