Hi Scott,

Very difficult question. The only thing what I can see is that you create 2 'root' shares on the 2 volumes.

Than you create 2 DFS (distribute filesystem service from microsoft) trees (it's possible that you need two different windowsservers to separate the access control). Each department has full control on their dfs tree. They can create new shares in dfs, and use always the one root share on the filer as mount-path combined with the correct directories.

It's a 'crazy' idea, but I think this must work.

Good luck,

Reinoud Reynders
IT-manager Infrastructure & Operations
UZ Leuven
Belgium

----- Original Message -----
From: owner-toasters@mathworks.com <owner-toasters@mathworks.com>
To: owner-toasters@mathworks.com <owner-toasters@mathworks.com>; toasters@mathworks.com <toasters@mathworks.com>
Sent: Wed Oct 10 22:51:31 2007
Subject: CIFS share creation security question


Quick question, is there anyway to allow AD users/groups the ability to create or delete cifs shares on specific volumes, but not others?  Say we have an HR and Sales volume on the same filer.  Each has their own IT personnel that create shares on each specific volume, but not each other's.  Right now they are in the local admin group so they can theoretically do whatever they please, but we are looking for a more granular way to lock this down.  Any suggestions?

Thx!


This message and any attachments (the "message") is intended solely for
the addressees and is confidential. If you receive this message in error,
please delete it and immediately notify the sender. Any use not in accord
with its purpose, any dissemination or disclosure, either whole or partial,
is prohibited except formal approval. The internet can not guarantee the
integrity of this message. BNP PARIBAS (and its subsidiaries) shall (will)
not therefore be liable for the message if modified. Please note that certain
functions and services for BNP Paribas may be performed by BNP Paribas RCC, Inc.