Understanding User Roles and Share Authorization

Overview:

User roles in Shares determine a user's permissions to access and perform actions on a share. There are three user roles for an account authorized to access a share: administrators, managers, and regular users. Admins have full permissions to view, modify, and remove all existing shares and users. Managers have permissions to view, modify, remove shares for which they have authorization to manage. Users have permissions depending on the authorizations given them by admins and managers. User, group, and directory service accounts must be authorized to access a share. If authorized, a user can perform the following actions on a share:
Note: If you do not have browse permissions but have all other permissions, you can still perform Upload File and Upload Folder operations in the user interface, though the contents of the share are not displayed.

Authorization Precedence

Administrators

Users with the admin permission are authorized to create new shares and users, as well as to modify or remove any or all shares and users.

Managers

Administrators can use the manager permission to delegate the creation of shares and users to another user without giving that account full administration privileges. Like administrators, managers can view, edit, and remove share authorizations but only for shares that they manage. Assigning a user to a share as its manager gives that user administrative privileges for that share and all inherited subdirectories. If a user creates a new share within a managed share, the manager of the share has administrative rights to the new share. For instructions on how to authorize manager permissions, see Assigning Users the Manager Role.

Though a user with manager permissions effectively becomes the admin for that share, the following restrictions apply:

Users

Regular users can access any shares for which they have authorizations to access, but the actions they are allowed to take are set and managed by any user with administrative privileges for that share.