-
From the left navigation menu, select Element Store and then Tenants.
-
Click
to open the Actions menu for the policy you want to edit and select Edit.
-
Change the General settings as needed:
Name
Trash folder GID
If you want to allow access to the trash folder for non-root NFSv3 users serviced by the tenant, enter the GID of a user group that you want to use for this purpose in the Trash folder GID field. Users who belong to this group will have permission to move files into the trash folder.
By default, the operation of moving files into the trash folder is supported for the root user only.
Default share-level ACL
Optionally set the default 'Everyone' Group share-level permission for the tenant. This default permission affects all views associated with the tenant where share-level ACL is disabled. The permission can be set to Read, Change or Full Control. By default, it is set to Full Control.
For more information about share-level ACLs , see Share-Level ACLs.
Note
These settings are active only if and when an SMB allowed provider is connected to the tenant. A maximum of one Active Directory provider on the cluster can be used for SMB authentication and authorization. The usage is controlled via the SMB allowed setting, which can be enabled or disabled per Active Directory configuration.
Enable privileged domain user restore access
-
Enabled (default). The SMB privileged user is enabled.
-
Disabled. The SMB privileged user is disabled.
Enable privileged domain group backup access
Enable privileged group restore access
-
Enabled (default). The SMB privileged user group has read and write control access. Members of the group can perform backup and restore operations on all files and directories, without requiring read or write access to the specific files and directories.
-
Disabled. The SMB privileged user group has read control access. Members of the group can perform backup operations on all files and directories without requiring read access to the specific files and directories. They cannot perform restore operations without write access to the specific files and directories.
Logon name of the privileged domain user
Optional custom user name for the SMB privileged user. If not set, the user name is 'vastadmin'.
SID of the privileged domain group
Specify a custom group SID in order to have a working privileged group with backup operator privileges. If not set, the SMB privileged group is set to the Backup Operators domain group (S-1-5-32-551), which, due to a known issue, does not receive backup operator privileges.
BUILTIN\Administrators group name
Optional custom name to set for a non-default SMB privileged group.
-
-
On the Providers tab, change the providers if needed:
-
Select which external authorization providers should be enabled for the tenant. Providers configured on the cluster are available for you to select up to one of each type (Active Directory, LDAP and NIS), subject to combination restrictions per tenant described in Authorization Providers in VAST Cluster.
-
If you enable more than one provider:
-
Select one of the providers from the POSIX Primary Provider dropdown to take precedence over the other providers in case of any conflicts between attribute values when user information is retrieved from the providers.
-
In the Login Name Primary Provider field. select one of the providers as the primary provider for the user's login name.
-
-
-
On the Tenant Access tab, change the configuration of tenant access. These settings are optional. See Providing Client Access to Tenants for more information.
-
Click Update to save your changes.
To modify a tenant from the VAST CLI, use the tenant modify command.
Comments
0 comments
Article is closed for comments.