Software Development Kit (SDK) and API Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Software Development Kit (SDK) and API Discussions

Start a New Post

Giving permission (AD groupd access) to a Folder inside a cifs share via .Net API (or CLI)

AmjathKhan
‎2016-05-16 12:27 AM

Hello All,

 

please let me know the procedure to set a particular AD group to have access to a Folder created inside of cifs Shares.

 

please do the needful.

 

With Thanks & Regards

Amjath

0 Kudos
6 REPLIES 6

AmjathKhan
‎2016-05-16 08:07 PM

Hello All,

 

I need to add a AD group (read/write) access to the folder created inside the cifs shares.

 

I knew fsecurity will show the details like which are all AD groups have access to particular folder, but I want to write the details into netapp

 

please do the needful.

 

Model: FAS8020
NetApp Release 8.2.3P4 7-Mode

 

With Thanks & Regards

Amjath

0 Kudos

Jeff_Yao
Community Manager
‎2016-05-27 04:26 AM
In response to AmjathKhan

afaik, i dont think there's command on filer can help u do that. u have to do it on client side. maybe windows powershell can do something about it. like "cacls" cmd.

thanks 

Jeff

0 Kudos

AmjathKhan
‎2016-05-29 08:14 PM
In response to Jeff_Yao

Thanks for the info, will try cacls command as well.

 

Is fsecurity apply wont help in this case by setting the .config file  ?? 

 

with Thanks 

Amjath

0 Kudos

Jeff_Yao
Community Manager
‎2016-05-30 12:57 AM
In response to AmjathKhan

hi, 

 

"fsecurity apply" should work as well. personally recommand you do it on client side. i recall there's a bug in "fsecurity apply". below TR includes some chapters you can read thru. checking 2.3 and 2.4. it should be helpful. 

http://www.netapp.com/us/media/tr-3596.pdf

thanks

Jeff

0 Kudos

raj_shrivastava11
‎2016-05-17 12:23 AM

Hi Amjath,

 

Firstly, try to access the CIFS Share on any of your Windows Based Server/Machine. it should be accessed like "\\netappname or IP\Sharename".

 

Then Right click on a "Folder" on which you want to add the "AD Group"

 

1. In Sharing Tab --> "Everyone" should be "Full Control"

 

2. In Security Tab --> you should be able to add the "AD Group" and set the required permission and apply it.

 

3. Access the folder using that "AD Group" or by members of that AD Group.

 

Hope this helps

 

BR

Raj

 

 

0 Kudos

AmjathKhan
‎2016-05-17 12:40 AM
In response to raj_shrivastava11

Hello Raj,

 

Thanks for the info, yep this is the manual way of doing that, but i want this steps need to be automated using the .net API / using the netapp cli commands.

 

please help on that.

 

dont we have any straight command to give permission to the folder with AD groups ??

I read somewhere they are saying, create new fpolicy and then using the fsecurity apply the policy to the folder. but I didnt understand the flow.

 

something like this

Create a conf file containing the following:

cb56f6f4 1,0,"/vol/vol_name/qtree_name/subdir",0,"D:P(A;CIOI;0x1f01ff;;;Everyone)"

 

Save it on your filer somewhere (example in manpage is /etc/security.conf).

Run:

fsecurity show /vol/vol_name/qtree_name/subdir

fsecurity apply /etc/security.conf

fsecurity show /vol/vol_name/qtree_name/subdir

 

With Thanks  & Regards

Amjath

0 Kudos
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

View All
NetApp Insights to Action
I2A Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public