Overview:
User roles in Shares determine a user's permissions to access
and perform actions on a share. There are three user roles for an account authorized to access
a share: administrators, managers, and regular users. Admins have full permissions to view,
modify, and remove all existing shares and users. Managers have permissions to view, modify,
remove shares they have authorization to manage. Regular users have permissions depending on
the authorizations given them by admins and managers. User, group, and directory service
accounts must be authorized to access a share. If authorized, a user can perform the following
actions on a share:
- Browse
- Upload
- Download
- Make directory
- Delete directory or file
- Rename
Note: If you do not have browse permissions but have all other permissions, you
can still perform Upload File and Upload
Folder operations in the user interface (UI). However, you will not have
permissions for other UI operations such as Delete or
Download, and the contents of the share are not
displayed.
Authorization Precedence
- Authorizations can be granted to users, groups, and directory services.
- Authorization at the user level takes precedence over the user's group or directory
service authorizations.
- In the absence of user level authorization, a user is granted the union of all
authorizations for the groups and directory services to which the user belongs.
Administrators
Users with the admin permission can create new shares and
users. Admins have full rights to modify or remove all existing shares and users.
- Nodes are only visible to administrators.
- All administrators have the highest level of permissions for administration of al nodes,
including permission to create, edit, and delete nodes.
- Only administrators can create, edit, and delete top-level shares.
- All administrators have the highest level of permissions for administration of all
shares, including permission to view, edit, and remove share authorizations.
Managers
Administrators can use the manager permission to delegate the creation of shares and users
to another user without giving that account full administration privileges. Like
administrators, managers can view, edit, and remove share authorizations but only for shares
that they manage.Assigning a user to a share as its manager gives that user administrative
privileges for that share and all inherited subdirectories. If a user creates a new share
within a managed share, the manager of the share automatically gains administrative rights
to the new share as well. Refer to Authorizing a User, Group, or DS With Manager Permissions for instructions
on how to authorize manager permissions for a user.
Though a user with manager permissions effectively becomes the admin for that share, the
following restrictions apply:
- A manager cannot modify or delete the top-level share or any shares above it.
- A manager cannot create a share at the same level of the first share.
- For a manager to administer a group, the manager must have manager permissions for all of
that group's shares.
- Managers cannot edit Admin user properties, but they can edit other managers by navigating
to .
- A manager cannot authorize new users or groups for shares the manager does not
manage.
- For a manager to change the password or email of a user, the manager must be a manager of
all the shares that user is authorized to access.
For more information on authorizing a user as the manager of a share, see
Authorizing a User, Group, or DS With Manager Permissions.
Users
A regular user can access any share for which it has authorizations to access, but the
actions it is allowed to take are set and managed by any user with administrative priviliges
for that share. Some common actions include browsing, uploading, and downloading files, and
modifying the directory holding the files.