Understand NAS file permissions in Azure NetApp Files

To control access to specific files and folders in a file system, permissions can be applied. File and folder permissions are more granular than share permissions. The following table shows the differences in permission attributes that file and share permissions can apply.

SMB share permission	NFS export policy rule permissions	SMB file permission attributes	NFS file permission attributes
Read Change Full control	Read Write Root	Full control Traverse folder/execute Read data/list folders Read attributes Read extended attributes Write data/create files Append data/create folders Write attributes Write extended attributes Delete subfolders/files Delete Read permissions Change permissions Take ownership	NFSv3 Read Write Execute NFSv4.1 Read data/list files and folders Write data/create files and folders Append data/create subdirectories Execute files/traverse directories Delete files/directories Delete subdirectories (directories only) Read attributes (GETATTR) Write attributes (SETATTR/chmod) Read named attributes Write named attributes Read ACLs Write ACLs Write owner (chown) Synchronize I/O

File and folder permissions can overrule share permissions, as the most restrictive permissions countermand less restrictive permissions.

Permission inheritance

Folders can be assigned inheritance flags, which means that parent folder permissions propagate to child objects. This can help simplify permission management on high file count environments. Inheritance can be disabled on specific files or folders as needed.

• In Windows SMB shares, inheritance is controlled in the advanced permission view.

• For NFSv3, permission inheritance doesn’t work via ACL, but instead can be mimicked using umask and setgid flags.
• With NFSv4.1, permission inheritance can be handled using inheritance flags on ACLs.

Next steps

• Understand NFS file permissions
• Understand SMB file permissions
• Understand NAS share permissions in Azure NetApp Files