ONTAP Hardware

Remove all SHARES permissions


Hi all,

I am new to NetApp world and having basic scripting skills.

Here is the details :

Domain name : contoso.com (fake name)

Users naming model : firstname_secondname@contoso.com, firstname_secondname2@contoso.com

Server name : SRVBKP

Shares names : \\SRVBKP\firstname_secondname





The current situation is a bit confusing, I read the documentation about cifs access share [-g] user rights and cifs access -delete share [-g] user, but as it’s a production server, this why I need your assistance to create a script that:

  • Remove all the permissions (whatever they are, Read,Modify or Full control) on all USERS SHARES. Remove any users, any groups from SHARE permissions
  • Grant full control to each user to his own folder (personnal share)
  • This is optionnal, I want to do the same as #1 but for NTFS permissions

Any help is most welcome,

Many Thanks for your help



You should probably look at the NetApp management SDK for these kind of activities. SDK is available at http://support.netapp.com for download. The commands and procedures would depend on the languagae that you use. Roughly, the workflow would look like :

1. Create a list of sharenames that you are targeting ( This is required so that you dont mess up with other existing shares)

2. Loop through each item in the list, and get the ACL on the share. This can have mutiple entries, so another nested loop is needed here

3. Loop through each ACE, and delete it

4. After finishing all entries in step3, create an ACE for the desired user (which is hopefully the same as the sharename)

5. repeat and finish loop1.


for the last item in your message, download the secedit tool from http://mysupport.netapp.com/NOW/download/tools/secedit/ and create a text file with the ACLs. You can then copy that file into the vol0/etc, and run "fsecurity apply <filepath>" to apply the DACLs on your qtrees/volumes.

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.


Thank you for your relevant reply. The workflow seems to be fine.


As said, scripting is not my favourite thing, so I need at least a starting code, concerning the language, I would prefer PowerShell cmdlets.

I know I must Get the NA Controller name, the concerned  shares and so on, but I am really not skilled in scripting.