Does the output of the CLI command "cifs share access-control show" for the share in question match what's expected before and after the PowerShell commands?  Do you get any errors from Windows or the NetApp?  

A couple of other things to check:

• Is the volume permissions style correct/expected?
• Is the export policy configured to allow CIFS permissions?

For reference, this works as expected on my 8.3 test system:

$svm = "svmName"
$aggregate = "bestAggr"
$volumeName = "myShare"
$size = 1gb
$username = "me"

Get-NcVserver $svm | New-NcVol $volumeName -Aggregate $aggregate -JunctionPath "/$($volumeName)" -Size $size -SecurityStyle ntfs
Get-NcVserver $svm | Add-NcCifsShare -Name $volumeName -Path "/$($volumeName)"
Get-NcVserver $svm | Remove-NcCifsShareAcl -Share $volumeName -UserOrGroup Everyone
Get-NcVserver $svm | Add-NcCifsShareAcl -Share $volumeName -UserOrGroup $username -Permission full_control

Andrew

I am using a domain user.

I ran the cli command.  Here is the output:

cluster::> cifs share access-control show -vserver vservername -share sharename$
                      Share              User/Group                 User/Group Access
Vserver            Name              Name                        Type           Permission
--------------       -----------         --------------------------- -----------     -----------
vservername     sharename$     DOMAIN\username     windows     Full_Control

When I look in the webgui, the permissions are set correctly.  When I run Test-Path in the context of DOMAIN\username:

PS E:\Scripts> Test-Path \\vservername\sharename$
False

This means that DOMAIN\username cannot see the share.

If I delete the ACL created by my PS script using the GUI, then add DOMAIN\username in, the Test-Path works.  Looking at the output of the same commands as above it looks the same.

cluster::> cifs share access-control show -vserver vnausfsl01 -share vol_vnausfsl01_GIAHome01_daily$
                      Share              User/Group                User/Group Access
Vserver            Name              Name                       Type           Permission
--------------      -----------         --------------------------- -----------     -----------
vservername     sharename$     DOMAIN\username     windows      Full_Control

PS E:\Scripts> Test-Path \\vservername\sharename$
True

Now DOMAIN/username can see the share.

Is there some logging I can look at?  I do not understand how it works from the webgui, but not from PS.

I have done some additional testing.

I ran my script, but stoped where I set the ACL.  I then ssh into the cluster and set the permissions using the command line. 

cifs share access-control create -vserver vservername -share \\vservername\sharename$ -user-or-group  DOMAIN\username -user-group-type windows -permission full_Control

Any chagne I make in the command line does not work.

I am going to open a ticket for it not working at the command line.

I have confirmed that I can make the change in the webgui successfully.

Additional information

I created a SVM local user and I have the same problem as my domain user.  I even tried that local user as a VSADMIN.