Beginning in Data ONTAP 7.2.2, storage administrators can set security (permissions and auditing) on volumes and qtrees using the fsecurity command. This feature is called Storage-Level Access Guard.
With the Storage-Level Access Guard security in place, any storage object can contain up to three types of security layers:
Exists on the directory or file that represents the storage object. This security is also the same security you can set from a client.
Applies to every file within the storage object. Applying this security will not affect access to, or auditing of, directories.
Applies to every directory within the storage object. Applying this security will not affect access to, or auditing of, files.
Storage-Level Access Guard security applies to files and directories but is not inherited by them. If you view the security settings on a file or directory, you will not see the Storage-Level Access Guard security.
However, access to a file or directory in Data ONTAP is determined by the combined effect of both the native permissions applied to files and/or directories and the Storage-Level Access Guard permissions set on qtrees and/or volumes. Both levels of security are evaluated to determine what the effective permissions a file or directory has.