Windows ACL

A Windows Access Control List (ACL) is a list of privileges or permissions that determine specific access rights in the Windows environment. It lets administrators define access control rules for an individual file or directory, and give different access rights to an individual user or group.

Through Windows ACL, you can assign different privileges to local and domain users in the system. The privileges apply to all file-related applications, such as FTP, File Station, NFS, AFP, etc.

To define Windows ACL settings for a shared folder:

You can define initial Windows ACL settings when creating a shared folder. Follow the steps below:

  1. Click Shared Folder in Control Panel.
  2. Click Create to create a shared folder, or select an existing shared folder and click Edit to edit the folder.
  3. Under the Shared Folder Info tab, enter the fields required.
  4. Under the Windows ACL tab, check the Allow editing Windows Access Control List checkbox to initialize Windows ACL support.
  5. Click OK to finish.

To edit Windows ACL settings using File Station:

  1. Select a file or folder. You are not allowed to select and modify ACL permissions for multiple files.
  2. Right-click the folder or choose the Action menu, and then choose Properties.
  3. Under the General tab, choose a user from the Owner drop-down menu to set the user as the owner of the file or folder. If you are setting ACL permission for a folder, you can tick Apply to this folder, sub-folders and files to set the user as the owner of all files or folders within the folder.
  4. Click the Permission tab and do any of the following to manage ACL permissions for the file or folder:
  5. Click OK.

ACL permissions can be categorized as follows:

About permission inheritance:

ACL permissions are inherited from parent objects to child objects. For instance, if an ACL entry of the "sales" folder grants the "Read" permission to the user "Amy", then the ACL entry will be applied to all files within the "sales" folder (such as "annual report.xls"), allowing the user to open the files. Inherited permissions will be displayed in gray, whereas the object's own permissions (or "explicit" permissions) will be displayed in black.

To edit Windows ACL settings using Windows Explorer:

Refer to the How To article for detailed instructions.

Note:

  1. You can only add up to 200 explicit ACL permission entries for a file or folder.
  2. When there's a conflict between Windows ACL settings and the shared folder privileges, the system will automatically adopt the settings the two have in common. For example, if the shared folder privilege is "Read/Write" but the ACL privilege is "Read", then the final privilege will only be "Read".
  3. Windows ACL is only supported on the EXT4 file system. Previous DSM 2.3 users need to create at least one EXT4 volume to use the ACL feature. This means you have to format at least one hard disk and re-create a volume. Formatting DiskStation will result in erasing all stored data and settings. Please make sure all your data is backed up before proceeding.
  4. To define new privileges for domain users, make sure DSM and Windows clients are in the same domain.
  5. The ACL privileges of the following shared folders cannot be modified: photo, surveillance, web, homes, NetBackup, usbshare, sdshare, esatashare.
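
The inheritance rule and note 2 above can be checked together when auditing who can actually reach a file. The following is an added example, not DSM code: a simplified model that assumes allow-only entries, a constructed path layout, a constructed user "Bob", and a "Write" ACL permission name alongside the page's "Read".

```python
from pathlib import PurePosixPath

MAX_EXPLICIT_ENTRIES = 200  # per-object limit stated in note 1

# Shared folder privileges as permission sets ("Write" is an assumed name).
SHARE_PRIVILEGES = {"Read/Write": {"Read", "Write"}, "Read": {"Read"}}


def acl_entries(acls, path):
    """Return (principal, permission, origin, kind) rows that apply to path.

    Entries set on the object itself are "explicit"; entries set on any
    ancestor folder reach the object as "inherited".
    """
    target = PurePosixPath(path)
    rows = []
    for node in [*reversed(target.parents), target]:
        kind = "explicit" if node == target else "inherited"
        for principal, permission in acls.get(str(node), []):
            rows.append((principal, permission, str(node), kind))
    return rows


def effective_permissions(acls, share_privilege, path, principals):
    """ACL grants for the given user/group names, limited to what the
    shared folder privilege also allows (the settings the two share)."""
    granted = {perm for who, perm, _, _ in acl_entries(acls, path)
               if who in principals}
    return granted & SHARE_PRIVILEGES[share_privilege]


def over_limit(acls):
    """Objects carrying more explicit entries than the documented limit."""
    return [p for p, e in acls.items() if len(e) > MAX_EXPLICIT_ENTRIES]


# Constructed sample: the "sales" folder and user "Amy" from the text above.
SAMPLE_ACLS = {
    "/sales": [("Amy", "Read")],
    "/sales/annual report.xls": [("Amy", "Write"), ("Bob", "Read")],
}

if __name__ == "__main__":
    target = "/sales/annual report.xls"
    for row in acl_entries(SAMPLE_ACLS, target):
        print(row)
    for share in SHARE_PRIVILEGES:
        print(share, effective_permissions(SAMPLE_ACLS, share, target, {"Amy"}))
```

Listing each entry with its origin mirrors the gray/black distinction in File Station and shows which parent folder to edit when an inherited grant is broader than intended.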