Software Development Kit (SDK) and API Discussions

Giving permission (AD groupd access) to a Folder inside a cifs share via .Net API (or CLI)

AmjathKhan
5,510 Views

Hello All,

 

please let me know the procedure to set a particular AD group to have access to a Folder created inside of cifs Shares.

 

please do the needful.

 

With Thanks & Regards

Amjath

6 REPLIES 6

AmjathKhan
5,513 Views

Hello All,

 

I need to add a AD group (read/write) access to the folder created inside the cifs shares.

 

I knew fsecurity will show the details like which are all AD groups have access to particular folder, but I want to write the details into netapp

 

please do the needful.

 

Model: FAS8020
NetApp Release 8.2.3P4 7-Mode

 

With Thanks & Regards

Amjath

Jeff_Yao
5,468 Views

afaik, i dont think there's command on filer can help u do that. u have to do it on client side. maybe windows powershell can do something about it. like "cacls" cmd.

thanks 

Jeff

AmjathKhan
5,441 Views

Thanks for the info, will try cacls command as well.

 

Is fsecurity apply wont help in this case by setting the .config file  ?? 

 

with Thanks 

Amjath

Jeff_Yao
5,429 Views

hi, 

 

"fsecurity apply" should work as well. personally recommand you do it on client side. i recall there's a bug in "fsecurity apply". below TR includes some chapters you can read thru. checking 2.3 and 2.4. it should be helpful. 

http://www.netapp.com/us/media/tr-3596.pdf

thanks

Jeff

raj_shrivastava11
5,464 Views

Hi Amjath,

 

Firstly, try to access the CIFS Share on any of your Windows Based Server/Machine. it should be accessed like "\\netappname or IP\Sharename".

 

Then Right click on a "Folder" on which you want to add the "AD Group"

 

1. In Sharing Tab --> "Everyone" should be "Full Control"

 

2. In Security Tab --> you should be able to add the "AD Group" and set the required permission and apply it.

 

3. Access the folder using that "AD Group" or by members of that AD Group.

 

Hope this helps

 

BR

Raj

 

 

AmjathKhan
5,458 Views

Hello Raj,

 

Thanks for the info, yep this is the manual way of doing that, but i want this steps need to be automated using the .net API / using the netapp cli commands.

 

please help on that.

 

dont we have any straight command to give permission to the folder with AD groups ??

I read somewhere they are saying, create new fpolicy and then using the fsecurity apply the policy to the folder. but I didnt understand the flow.

 

something like this

Create a conf file containing the following:

cb56f6f4 1,0,"/vol/vol_name/qtree_name/subdir",0,"D:P(A;CIOI;0x1f01ff;;;Everyone)"

 

Save it on your filer somewhere (example in manpage is /etc/security.conf).

Run:

fsecurity show /vol/vol_name/qtree_name/subdir

fsecurity apply /etc/security.conf

fsecurity show /vol/vol_name/qtree_name/subdir

 

With Thanks  & Regards

Amjath

Public