NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Network Access vs File Access
Can anyone explain the difference between Network Access and File Access permissions? I've looked at the following articles but they ony seem to make sense to a point. Set Network Access Rights to ...
The closest local equivalent to network access is folder access (where network share = local folder). There is no true equivalent, as they are only applicable to a network. Unlike folder access, you cannot get around it by knowing the name of a file or folder contained therein and manually typing it in if the permissions on that file or folder don't also block you.
The big difference is that file access affects what permissions are given to the file when it is created. If you change those for a share, it does not automatically change them for every file and folder therein at the time of the change (though there is an option to do so in the GUI). File permissions can also be changed through a right-click in Windows, while network permissions cannot. In a multi-user environment, that can be important.
StephenB recommends you only use the network permissions. I typically used both, and had a couple of instances where something (I have no idea if it was the NAS or Windows) changed the file permissions, locking me out of some tiles until I reset permissions via the GUI. So, I now understand his reasoning.
Hi Sandshark, thanks for your reply.
To clarify; we are creating SMB shares on the ReadyNAS and accessing them via Windows. We cannot access these shares in Windows without the relevant user/group being present in the ReadyNAS Network Access list, however, as the NTFS permissions seem to match the ReadyNAS File Access list it seems we must use both.
The folder 'owner' listed in the Windows-side root share, seem to equate to the ReadyNAS Folder Owner in the File Access list but I do not seem to be able to find any equivalent for the ReadyNAS Folder Group on the Windows side, so am unsure of how this affects the overall permissions schema.
Should I set the SMB share Network Access list to "Everyone-Read/Write" and manage the permissions via the ReadyNAS File Access list or the permissions on the Windows-side NTFS Security list? Is this what StephenB means?
DCA-IT wrote:
Should I set the SMB share Network Access list to "Everyone-Read/Write" and manage the permissions via the ReadyNAS File Access list or the permissions on the Windows-side NTFS Security list? Is this what StephenB means?
Actually the reverse. I suggest setting the file access settings on the NAS share to "Eveyone-Read/Write", and control access only with the network access list.
StephenBThanks for your reply, I have one question then:
As Windows NTFS permissions seem to mirror the ReadyNAS File Access permissions, how do I manage the NTFS side of things if it's set to Everyone-Read/Write? Should I disable inheritence on the Windows side to "unlink" the two sets of permissions?
DCA-IT wrote:
As Windows NTFS permissions seem to mirror the ReadyNAS File Access permissions, how do I manage the NTFS side of things if it's set to Everyone-Read/Write? Should I disable inheritence on the Windows side to "unlink" the two sets of permissions?
I don't disable inheritance myself - I suspect it could result in more people accidently losing access to subfolders and files.
The net here is that you can't manage file permissions for users who have write network access to the share, since you can't prevent them from changing the file permissions. And if someone has only read network access or (or is denied access) you don't need to manage file permissions.
The potential downside of my approach is that it only controls access to the full share - if you want to control access differently for various folders within the share, you would need to use file permissions to do that. Though I think it's easy enough to divide the share into two.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
