About this task
This task controls user access to filesystems via SMB shares. By default, when an SMB share is created, the share-level permissions allow all users full access to the share unless restricted by file or folder permissions.
The instructions below apply to:
- Shares of SMB filesystems
- Shares of SMB filesystem snapshots
- A filesystem share or a filesystem snapshot share
- The security identifier (SID) of a user or group
Identifying the SID
To set share-level permissions for a user or group, you need to know its security identifier (SID).
- The SIDs of users and groups in the InfiniBox local user repository are displayed in the SMB tab of the console's Settings page.
- To retrieve the SID of an Active Directory (AD) domain user or group, use either a PowerShell or a Windows command.
Using PowerShell to retrieve a SID from AD
To identify the SID, replace
user-or-group-name with the name of the relevant user or group, and run the following PowerShell command:
Using Windows command line to retrieve a SID from AD
To use Windows command line to identify the SID, use one of the following commands. Replace
user-name for the relevant user, or
group-name for the relevant group.
- In the GUI, click the Datasets icon on the left toolbar, and select the Datasets tab.
- Do one of the following:
- For a share of a filesystem: Select the filesystem name, and click the Shares tab.
- For a share of a filesystem snapshot: Expand the filesystem tree, select the filesystem snapshot name, and click the Shares tab.
- Select the share name.
The SMB Share Permissions window opens in the right pane.
- To add an entry for a principal, click Add Share-Level Permission Entry.
- Enter the principal (user or group) SID for the entry, and select one of the following permissions levels:
- Read Only
- Read Write
- Full Control
- Click Done.
This task and all other filesystem tasks are available on both the GUI and InfiniShell.
Related InfiniShell commands
- fs.share.permission.add - adding a permission entry to a share
- fs.share.permission.modify - modifying attributes of a permission
- fs.share.permission.query - querying for the permission attributes of a share
- fs.share.permission.remove - removing a permission entry from a share