Home  ›  How to Grant Full Read Write Permission on a Nas

How to Grant Full Read Write Permission on a Nas

Written By Thursday, March 3, 2022 Add Comment Edit

How do I prepare shared folders and the permission on the NAS running QTS?

  • FAQ
  • File Management
  • File Sharing
Applicable Products:
  • Shared Folders
Configure shared folders

img

  1. Become to Control Panel > Privilege > Shared folders >Shared folder

    • Create Shared folder

      1. Click "Create" > "Shared Folder"

      2. Enter the basic folder settings.

        • Folder proper noun: Enter the share proper noun. The share proper noun does not support " / \ [ ] : ; | = , + * ? < > ` '
        • Clarification: Enter an optional clarification of the shared binder.
        • Disk Book: Select which disk volume on which to create the folder.

      3. Select the way you desire to specify the access right to the folder and specify the guest access right.

      4. If yous select to specify the access right by user or user group, you can select to grant read but, read/write, or deny access to the users or user groups.

      5. Binder Encryption

      6. Configure advanced binder settings

        • Guest Admission Right: Assign guest access rights of the binder.

        • Hibernate network drive: Select to hide the shared folder or not in Microsoft Networking. When a shared folder is hidden, you lot have to enter the complete directory \NAS_IP\share_name to access the share.

        • Lock File (Oplocks): Opportunistic locking is a Windows mechanism for the client to identify an opportunistic lock (oplock) on a file residing on a server in order to cache the data locally for improved operation. Oplocks is enabled by default for everyday usage. For networks that require multiple users concurrently accessing the same file such as a database, oplocks should be disabled.

        • SMB Encryption: This option is available only when SMB3 is enabled. Selecting this option encrypts all Microsoft network advice on the SMB3 protocol

        • Enable Windows Previous Versions:When enabled, the Previous Versions feature in Windows tin exist used with the shared binder.

        • Enable Network Recycle Bin: Enable the Network Recycle Bin for created shared folders.

        • Restrict the access of Recycle Bin to Administrators only for now:This option is available only when Network Recycle Bin is enabled. Selecting this selection prevents non-administrator users from recovering and deleting files in the Recycle Bin.

        • Enable write-simply access on FTP connection: Selecting this option gives the administrator exclusive read and write access to the shared binder. Not-administrator users connected through FTP only get write admission.

        • But allow applications to admission files using the long file name format:When selected, applications tin can only use the long file name (LFN) format to access files in the shared folder

        • Enable sync on this shared folder: Selecting this choice allows this shared binder to be used with Qsync.

        • Enable admission-based shared enumeration (ABSE):When enabled, users can only see the shared folders that they have permission to mountain and access. Guest account users must enter a username and countersign to view shared folders.

        • Enable access-based enumeration (ABE):When enabled, users can only see the files and folders that they have permission to access.

        • Set this folder equally the Time Automobile backup folder(macOS):When enabled, the shared binder becomes the destination folder for Time Machine in macOS

      7. Confirm the settings and click "Create".

    • Delete a shared folder,

      1. select the folder checkbox

      2. click "Remove".

        Note: You can select the pick "Also delete the data (mounted files will not exist deleted)" to delete the binder and the files in information technology. If y'all select not to delete the folder information, the information will be retained in the NAS. You can create a shared binder of the same name again to access the data.

Icon Proper name Description
img Folder Holding Edit the folder belongings. Select to hide or show the network drive, enable or disable oplocks, folder path, annotate, restrict the access of Recycle Bin to administrators (files tin can only be recovered by administrators from the Network Recycle Bin) and enable or disable write-only admission on FTP connection.
img Folder Permissions Edit binder permissions and subfolder permissions.
img Refresh Refresh the shared folder details.
Folder Permissions

Configure binder and subfolder permissions on the NAS. To edit basic folder permissions,

  1. Locate a binder name in Control Console > Privilege > Shared Folders
  2. Click "Folder Permissions". The folder name volition be shown on the left and the users with configured admission rights are shown in the console. You tin can too specify the invitee access correct at the bottom of the panel.
  3. Click "Add" to select more users and user groups and specify their access rights to the folder. Click "Add" to confirm.
  4. Click "Remove" to remove any configured permissions. Yous can select multiple items by holding the Ctrl key and left clicking the mouse. Click "Use" to relieve the settings.
Subfolder Permissions

QTS supports subfolder permissions for secure management of the folders and subfolders. You can specify read, read/write, and deny access of individual user to each folder and subfolder. To configure subfolder permissions, follow the steps below:

  1. Enable Avant-garde Permissions

    1. Go to Control Panel > Privilege > Shared Folders > Avant-garde Permissions
    2. Select Enable Advanced Folder Permissions
    3. click Employ.

  2. Edit Subfolder permissions

    1. Go to Control Panel > Privilege > Shared Folders > Shared folders
    2. Select a root folder, for instance Public
    3. Click Folder Permissions. The shared folder name and its first-level subfolders are shown on the left. The users with configured access rights are shown in the panel, with special permission beneath.
    4. Double click the kickoff-level subfolders to view the second-level subfolders.
    5. Select the root folder.
    6. Click Add to specify read only, read/write, or deny access for the users and user groups.

  3. Click "Add" when y'all take finished the settings.

  4. Specify other permissions settings below the folder permissions console.

    • Invitee Access Right: Specify to grant full or read only admission or deny guest access.
    • Possessor: Specify the owner of the binder. By default, the folder owner is the creator.

  5. To alter the binder owner, click the "Folder Property" button next to the owner field.

  1. Select a user from the list or search a username. And then click "Set".

    • But the possessor tin delete the contents: When you lot apply this choice to a folder, just the folder owner can delete the first-level subfolders and files. Users who are not the owner just possess read/write permission to the folder cannot delete the folders. This choice does not use to the subfolders of the selected folder even if the options "Utilize changes to files and subfolders" and "Apply and replace all existing permissions of this folder, files, and subfolders" are selected.
    • Merely admin tin can create files and folders: This choice is only available for root folders. Select this option to permit admin to create offset-level subfolders and files in the selected folder only.
    • Apply changes to files and subfolders: Apply permissions settings except owner protection and root folder write protection settings to all the files and subfolders within the selected binder. These settings include new users, deleted users, modified permissions, and folder owner. The options "Only the owner can delete the contents" and "Only admin tin create files and folders" volition not be applied to subfolders.
    • Apply and replace all existing permissions of this folder, files, and subfolders: Select this pick to override all previously configured permissions of the selected binder and its files and subfolders except owner protection and root binder write protection settings. The options "Only the possessor tin delete the contents" and "Only admin can create files and folders" will not be applied to subfolders.
    • Special Permission: This pick is only available for root folders. Select this option and choose between "Read just" or "Read/Write" to allow a user to admission to all the contents of a binder irrespectively of the pre-configured permissions. A user with special permission volition be identified as "admin" when he/she connects to the binder via Microsoft Networking. If you lot accept granted special permission with "Read/Write" access to the user, the user volition have full access and is able to configure the folder permissions on Windows. Notation that all the files created by this user belong to "admin". Since "admin" does non have quota limit on the NAS, the number and size of the files created by users with special permission will not be limited by their pre-configured quota settings. This option should be used for administrative and backup tasks only.

  2. Subsequently irresolute the permissions, click "Utilise" and so "YES" to confirm.

Note:

  • You can create maximum 230 permission entries for each folder when Advanced Folder Permission is enabled.

  • If you take specified "deny admission" for a user on the root folder, the user will not be immune to access the folder and subfolders fifty-fifty if y'all select read/write admission to the subfolders.

  • If yous have specified "read only access" for a user on the root folder, the user will accept read simply access to all the subfolders even if you lot select read/write admission to the subfolders.

  • To specify read only permission on the root folder and read/write permission on the subfolders, you lot must gear up read/write permission on the root folder and utilize the pick "Only admin can create files and folders" (to be explained subsequently).

  • If an unidentified business relationship ID (such as 500) is shown for a subfolder on the permission assignment page after you click the "Access Permissions" button next to a shared binder in Command Panel >Privilege Settings > Shared Folders > Shared Folder, it is likely that the permission of that subfolder has been granted to a user account that no longer exists. In this example, delight select this unidentified business relationship ID and click "Remove" to delete this business relationship ID.

Microsoft Networking Host Access Control

The NAS folders can be accessed via Samba connectedness (Windows) by default. You can specify the IP addresses and hosts which are allowed to access the NAS via Microsoft Networking. Follow the steps below to ready upward:

  1. Click "Folder Permissions".
  2. Select "Microsoft Networking host access" from the drib-down menu on top of the page.
  3. Specify the allowed IP addresses and host names. The following IP address and host name are used as case hither:
  • IP address: 192.168.12.12 or 192.168..
  • Host name: dnsname.domain.local or *.domain.local
  1. click "Add" to enter the IP address and host name and then "Use".

Notifications on characters used:

  • Wildcard characters: You tin can enter wildcard characters in an IP addr ess or host proper name entry to represent unknown characters.
  • Asterisk (): Use an asterisk () as a substitute for zip or more characters. For example, if you enter *.domain.local, the following items are included: a.domain.local, cde.domain.local, or examination.domain.local
  • Question mark (?): Apply a question mark (?) every bit a substitute for but one character. For case, examination?.domain.local includes the following: test1.domain.local, test2.domain.local, or testa.domain.local

When you utilize wildcard characters in a valid host name, dot (.) is included in wildcard characters. For case, when you enter *.example.com, "one.case.com" and "one.two.example.com" are included.

Folder Aggregation

You lot tin can aggregate the shared folders on Microsoft network as a portal binder on the NAS and let the NAS users access the folders through your NAS. Upwardly to x folders can be linked to a portal folder. To use this part, follow the steps below:

  1. Enable binder assemblage.
  2. Click "Create a Portal Folder".
  3. Enter the portal folder name. Select to hide the folder or non, and enter an optional comment for the portal folder.
  4. Click the "Link Configuration" button under "Action" and enter the remote binder settings. Make sure the folders are open for public access.
  5. Upon successful connectedness, y'all can connect to the remote folders through the NAS.

Note:

  • Folder Aggregation is supported only in Microsoft networking service and recommended for a Windows Advert environment.
  • If there is permission control on the folders, you need to join the NAS and the remote servers to the aforementioned Advertizement domain.
Avant-garde Permissions

"Advanced Folder Permissions" and "Windows ACL" provide subfolder and file level permissions control.

Protocols Permission Options How to Configure
Avant-garde Binder Permissions FTP, AFP, File Station, Samba 3 (Read, Read & Write, Deny) NAS web UI
Windows ACL Samba 13 (NTFS permissions) Windows File Explorer
Avant-garde Folder Permissions

Apply "Advanced Binder Permissions" to configure subfolder permissions straight from the NAS UI. There is no depth limitation for the subfolder permissions. However, it is highly recommended to modify the permissions but on the first or second level of the subfolders. When "Advanced Folder Permissions" is enabled, click the "Folder Permissions" button under the "Shared Folders" tab to configure the subfolder permission settings. See Shared Folders" > "Folder Permission of this department for details.

Windows ACL

Use "Windows ACL" to configure the subfolder and file level permissions from Windows File Explorer. All Windows Permissions are supported. For detailed Windows ACL behavior, delight refer to standard NTFS permissions: http://world wide web.ntfs.com/#ntfs_permissTo assign subfolder and file permissions to a user or a user group, full control share-level permissions must be granted to the user or user group.

When Windows ACL is enabled while "Avant-garde Folder Permissions" are disabled, subfolder and file permissions will have effect only when accessing the NAS from Windows File Explorer. Users connecting to the NAS via FTP, AFP, or File Station will only have share-level permissions.

When Windows ACL and Avant-garde Folder Permissions are both enabled, users cannot configure Advanced Binder Permissions from the NAS UI. The permissions (Read only, Read/Write, and Deny) of Advanced Folder Permissions for AFP, File Station, and FTP volition automatically follow Windows ACL configuration.

Final modified date: 2021-12-27

Was this commodity helpful?

Thank you for your feedback.

rapozasolem1956.blogspot.com

Source: https://www.qnap.com/en/how-to/faq/article/how-do-i-set-up-shared-folders-and-the-permission-on-the-nas-running-qts

0 Response to "How to Grant Full Read Write Permission on a Nas"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel