Managing NTFS permissions at scale on Amazon FSx for NetApp ONTAP
Storage Blog
This article explains how to manage NTFS permissions at scale on Amazon FSx for NetApp ONTAP using storage-layer operations instead of traditional client-side tools.
- Use ONTAP security descriptors as reusable permission templates with ownership and DACL entries
- Configure inheritance flags (OI|CI) to ensure new files automatically receive correct permissions
- Create security policies linking descriptors to target volume paths for recursive application
- Apply permissions to millions of files as atomic operations, significantly faster than SMB-based tools
- Monitor background jobs to track permission updates across entire directory hierarchies
- Reapply existing policies after data migrations to maintain consistent permissions on new content
- Create separate descriptors for subdirectories to implement granular, multi-level access controls
- Update existing descriptors rather than creating new policies to preserve and add permissions
This storage-layer approach reduces permission management from hours to minutes while providing reliable, repeatable results across entire file systems without SMB protocol overhead.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Feb 9
2024
2024
Enabling file system sharing on Amazon FSx for NetApp ONTAP across multiple AWS accounts
Jun 11
2026
2026
Secure shared storage with CIFS share-level access controls on Amazon FSx for NetApp ONTAP
Feb 29
2024
2024
Managing storage on Windows servers with Amazon FSx for NetApp ONTAP
Jul 9
2024
2024
Announcing the next generation of Amazon FSx for NetApp ONTAP file systems
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.