User roles in Shares determine a user's permissions to access
and perform actions on a share. There are three user roles for an account authorized to access
a share: administrators, managers, and regular users. Admins have full permissions to view,
modify, and remove all existing shares and users. Managers have permissions to view, modify,
remove shares for which they have authorization to manage. Users have permissions depending on
the authorizations given them by admins and managers. User, group, and directory service
accounts must be authorized to access a share. If authorized, a user can perform the following
actions on a share:
- Make directory
- Delete directory or file
Note: If you do not have browse permissions but have all other permissions, you can still
perform Upload File and Upload Folder
operations in the user interface, though the contents of the share are not
- Authorizations can be granted to users, groups, and directory services.
- Authorization at the user level takes precedence over the user's group or directory
- In the absence of user level authorization, a user is granted the union of all
authorizations for the groups and directory services to which the user belongs.
Users with the admin permission are authorized to create
new shares and users, as well as to modify or remove any or all shares and users.
- Nodes are only visible to administrators.
- All administrators are authorized to create, edit, and delete any or all nodes and
- Only administrators can create, edit, and delete top-level shares.
Administrators can use the manager permission to delegate the creation of
shares and users to another user without giving that account full administration privileges.
Like administrators, managers can view, edit, and remove share authorizations but only for
shares that they manage. Assigning a user to a share as its manager gives that user
administrative privileges for that share and all inherited subdirectories. If a user creates
a new share within a managed share, the manager of the share has administrative rights to
the new share. For instructions on how to authorize manager
permissions, see Assigning Users the Manager Role.
Though a user with manager permissions effectively becomes the admin for that
share, the following restrictions apply:
- A manager cannot modify or delete the top-level share or any shares above it.
- A manager cannot create a share at the same level of the first share.
- For a manager to administer a group, the manager must have manager permissions for all
of that group's shares.
- Managers cannot edit Admin user properties, but they can edit other managers in
Admin > Users.
- A manager cannot authorize new users or groups for shares the manager does not
- For a manager to change the password or email of a user, the manager must be a manager
of all the shares that user is authorized to access.
Regular users can access any shares for which they have authorizations to access, but the
actions they are allowed to take are set and managed by any user with administrative
privileges for that share.