Table of ContentsView in Frames

Enabling Storage-Level Access Guard using the fsecurity command

Beginning in Data ONTAP 7.2.2, storage administrators can set security (permissions and auditing) on volumes and qtrees using the fsecurity command. This feature is called Storage-Level Access Guard.

About this task

With the Storage-Level Access Guard security in place, any storage object can contain up to three types of security layers:

Note: At this time, only NTFS access permissions are supported for Storage-Level Access Guard. For a UNIX user to perform a security check on qtrees or volumes where Storage-Level Access Guard has been applied, the UNIX user must be mapped to a Windows user.

Storage-Level Access Guard security applies to files and directories but is not inherited by them. If you view the security settings on a file or directory, you will not see the Storage-Level Access Guard security.

However, access to a file or directory in Data ONTAP is determined by the combined effect of both the native permissions applied to files and/or directories and the Storage-Level Access Guard permissions set on qtrees and/or volumes. Both levels of security are evaluated to determine what the effective permissions a file or directory has.