I am trying to find out how netapp Unix Mode permissions apply to windows users. Apparently users are mapped by name and the user bits are applied. But what about groups? Can they be applied to limit user's access?
Windows user is mapped to Unix user and then file access is checked using standard Unix rules. That also answers your second question about groups – at the time permissions are checked NetApp is not even aware that was a Windows user. Group membership is determined using /etc/group, NIS or LDAP, whatever is configured.
You can check tr3490 for overview of multiprotocol access rules.
Answering to myself it appears it applies to the groups too. But that groups have to be provisioned in the /etc/group file in netapp it doesn't map them from windows user groups in anyway. Am I correct?