Permission translation

For cross-platform accesses, the permissions requested for a particular operation are determined by the requesting platform, and then translated to the platform where the object was created. This might result in broader permissions being required.

Permissions are translated as follows:
UNIX® Windows®
read READ_DATA(LIST_FOLDER)
execute EXECUTE_DATA(TRAVERSE_FOLDER)
write WRITE_DATA(CREATE_FILES), APPEND_DATA(CREATE_FOLDERS), and DELETE_SUBFOLDERS_AND_FILES (for directories)
Some permissions are not translated:

Consider a UNIX client requesting write permission on a file or directory that was created on Windows. UNIX clients request write permission on a file when writing or appending, or on a directory when creating or removing a file or subdirectory. Because a write request could reflect any of these operations, any "write" request is translated to several Windows permissions: WRITE and APPEND for files; or, CREATE_FILES, CREATE_FOLDERS and DELETE_SUBFOLDERS_AND_FILES for directories. Access is granted only if the translated user has all of these permissions on the object, even though the operation actually being attempted would appear to match only one of them.

Parent topic: Heterogeneous file sharing

Library | Support | Terms of use | Feedback
(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.
IBM TotalStorage SAN File System v2.2