SMB shares - allow access to subfolder(s) only to specific user or group

D

dfreitag

Cadet
Joined
Jan 4, 2023
Messages
2
Hi

I have
- User A (me, admin)
- User B (employee)

I want to
- give User A access to all folders and subfolders within a dataset
- restrict User B access to specific folders/subfolders (as they contain sensitive information), while allowing him full access to everything else

Is there a way of achieving the above?

Many thanks!
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
dfreitag said:
Hi

I have
- User A (me, admin)
- User B (employee)

I want to
- give User A access to all folders and subfolders within a dataset
- restrict User B access to specific folders/subfolders (as they contain sensitive information), while allowing him full access to everything else

Is there a way of achieving the above?

Many thanks!
Click to expand...
Yes. You can use a Windows client to fine-tune permissions however you wish on the subdirectories. Though you may want to consider just creating a second dataset / share for the sensitive information (so that you don't have to worry about this, and can keep permissions easily auditable via the webui).
 
D

dfreitag

Cadet
Joined
Jan 4, 2023
Messages
2
Thank you Anodos - Geia sou :)

I see.

Unfortunately, I cannot create a new restricted dataset for the sensitive info, as this would affect the workflow of the current users too much.

So I will go down the Windows Client route that you have suggested.


Do I understand correctly that this could be achieved by accessing the share as User A, from a windows machine, should have both User A and User B as user accounts under windows, right?

Then
1 Select the Child Folder I want to restrict access to
2 Right-Click > Properties > Security > Edit
3 Select the User
4 Click Deny for Full Control

Please do correct me, if I'm wrong on this?

Many thanks
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
dfreitag said:
Thank you Anodos - Geia sou :)

I see.

Unfortunately, I cannot create a new restricted dataset for the sensitive info, as this would affect the workflow of the current users too much.

So I will go down the Windows Client route that you have suggested.


Do I understand correctly that this could be achieved by accessing the share as User A, from a windows machine, should have both User A and User B as user accounts under windows, right?

Then
1 Select the Child Folder I want to restrict access to
2 Right-Click > Properties > Security > Edit
3 Select the User
4 Click Deny for Full Control

Please do correct me, if I'm wrong on this?

Many thanks
Click to expand...

The way you would typically do this in Windows SMB client is to disable auto-inheritance, and then add an ACL entry for _only_ the group(s) that should have access to the directory. Grant modify in Windows and not Full Control.
 
You must log in or register to reply here.

Similar threads

Scampicfx
  • Locked
Setting difficult / different permissions on same Share (Windows)
Replies
3
Views
3K
Scampicfx
Scampicfx
B
  • Locked
CIFS subfolder permission
Replies
1
Views
2K
Mirfster
Mirfster
R
SMB folder with read/write and w/o modify/delete permissions
Replies
0
Views
3K
r51
R
R
Restrict access to the root folder /
Replies
2
Views
2K
winnielinnie
winnielinnie
MikeyG
11.2-U3 Unable to access snapshots on SMB shared subfolder
Replies
2
Views
1K
anodos
anodos
Top