This section describes how to create a local Windows authentication user group. Local authentication user groups are used to control the share access permissions of specific local authentication users.
Context
A system has nine local authentication user groups that are automatically created. The nine user groups are reserved for the system and cannot be modified or deleted.
- Administrators is the administrator group. When the group members access a shared namespace in the storage system, they do not need to be authenticated by share level ACLs and NT ACLs. They can operate any file in any share with administrator permissions without the need to be authenticated.
- Other user groups are common user groups. When the group members access a shared file system of the storage system, they can have the corresponding permissions only after being authenticated.
An access control list (ACL) is a collection of permissions that are authorized to users or user groups to operate shared files. ACL permissions are classified into ACL storage permissions and ACL authentication permissions. After a user logs in to a share, the system determines the user's permissions on the share, reads the ACL permissions, and then determines whether the user can read and write files. For ACL storage permissions, each ACL permission is called an Access Control Entry (ACE). After a CIFS share is mounted to a Windows client, the client sends NT ACLs to the server (storage device that provides the CIFS share).
Procedure
- Choose Resources > Access > Authentication User > Windows Users > Local Authentication User Group.
- Select the desired account from the Account drop-down list in the upper left corner.
- Click Create.
The Create Local Windows Authentication User Group page is displayed on the right.
- Set basic parameters for the local authentication user group.
Table 1 describes related parameters.
Table 1 Basic local authentication user group parameters Parameter
Description
Name
Indicates the name of the local authentication user group.
[Value range]
- The name must be unique.
- The name cannot contain special characters "/[]:|<>+=;?*@ and control characters, cannot start with a space, and cannot end with a space or a period (.).
- The name can contain case-insensitive letters. For example, aa and AA cannot be created at the same time.
- The user group name cannot be the same as the name of a local authentication user.
- The name contains 1 to 256 characters.
Description
Indicates the description of the local authentication user group.
[Value range]
The description can be left blank or contain up to 255 characters.
The newly created local authentication user group is a common user group. When members in the user group access a shared file system of the storage system, they can have the corresponding permissions only after being authenticated.
- Click OK.