I've sent this through to the guys at Cutter but thought I'd try to crowd-source an answer too as we have lots of S7000 users on here... :)
Background: I have a CIFS share called ‘resources’, inside this are folders called ‘staff’ and ‘subjects’. Students have read-only access to ‘subjects’ and deny-all access on ‘staff’. The plan is to enable ABE on this share and add another folder called ‘admin’ that students will also have deny-all permissions on. I need this folder and its contents to be invisible unless a user has permissions on it.
I set up a test share as a proof-of-concept for this and it worked flawlessly, exactly how I expected and wanted it to - i.e. for the folders on which a user doesn't have permissions, or has explicit DENY permissions, the folders aren't visible. However, I’ve just enabled ABE on the ‘resources’ share and expected ‘staff’ to disappear when viewed as a student, but it doesn’t. If I make a new folder in the root of the share on which students have no permissions, they can still see it (even though they get ‘access is denied’ when they try to access it).
Any ideas what the problem is? There are a lot of files in this share, but I was under the impression ABE would still work for the top-level directories in which there aren’t many folders.
EDIT: From an Oracle FAQ -
Is this my problem? Can ABE not still work for the top-level directories?Quote:
-CIFS access-based enumeration that permits users to see only those CIFS files to which they have access, allowing users in many-client environments with shallow directory hierarchies to not be overwhelmed with files that they cannot access.
Thank in advance,