Overview:
User roles in Shares determine a user's permissions to access
and perform actions on a share. There are three user roles for an account authorized to access
a share: administrators, managers, and regular users. Admins have full permissions to view,
modify, and remove all existing shares and users. Managers have permissions to view, modify,
remove shares they have authorization to manage. Regular users have permissions depending on
the authorizations given them by admins and managers. User, group, and directory service
accounts must be authorized to access a share. If authorized, a user can perform the following
actions on a share:
- Browse
- Upload
- Download
- Make directory
- Delete directory or file
- Rename
Note: If you do not have browse permissions but have all other permissions, you can still
perform Upload File and Upload Folder
operations in the user interface. You do not have permissions for other UI operations such
as Delete or Download, and the contents of the
share are not displayed.
Authorization Precedence
- Authorizations can be granted to users, groups, and directory services.
- Authorization at the user level takes precedence over the user's group or directory
service authorizations.
- In the absence of user level authorization, a user is granted the union of all
authorizations for the groups and directory services to which the user belongs.
Administrators
Users with the admin permission can create new shares and
users. Admins have full rights to modify or remove all existing shares and users.
- Nodes are only visible to administrators.
- All administrators have the highest level of permissions for administration of al nodes,
including permission to create, edit, and delete nodes.
- Only administrators can create, edit, and delete top-level shares.
- All administrators have the highest level of permissions for administration of all
shares, including permission to view, edit, and remove share authorizations.
Managers
Administrators can use the manager permission to
delegate the creation of shares and users to another user without giving that account full
administration privileges. Like administrators, managers can view, edit, and remove share
authorizations but only for shares that they manage.Assigning a user to a share as its
manager gives that user administrative privileges for that share and all inherited
subdirectories. If a user creates a new share within a managed share, the manager of the
share automatically gains administrative rights to the new share as well. Refer to Authorizing a User, Group, or DS With Manager Permissions for instructions on how to authorize manager permissions
for a user.
Though a user with manager permissions effectively becomes
the admin for that share, the following restrictions apply:
- A manager cannot modify or delete the top-level share or any shares above it.
- A manager cannot create a share at the same level of the first share.
- For a manager to administer a group, the manager must have manager permissions for all
of that group's shares.
- Managers cannot edit Admin user properties, but they can edit other managers by
navigating to Admin > Users.
- A manager cannot authorize new users or groups for shares the manager does not
manage.
- For a manager to change the password or email of a user, the manager must be a manager
of all the shares that user is authorized to access.
For more information on authorizing a user as the manager of a share, see
Authorizing a User, Group, or DS With Manager Permissions.
Users
A regular user can access any share for which it has authorizations to access, but the
actions it is allowed to take are set and managed by any user with administrative priviliges
for that share. Some common actions include browsing, uploading, and downloading files, and
modifying the directory holding the files.