Assign Shared Folder Permissions

You can specify which users or groups can access, view, or modify a shared folder and its contents. The access permissions of shared folders, as well as individual files and subfolders, can be customized for each user or group.

Windows ACL:

In DSM 5.0 or later version, the access permissions of shared folders are based on Windows ACL by default. Newly created shared folders implement the permissions settings of Windows ACL, which also allows for customizing the permissions of individual files and subfolders. In addition, permissions can be customized via File Station or File Explorer in Windows.

The following shared folders cannot use the Windows ACL permissions management system: photo, satashare, sdshare, surveillance, usbshare.

Note:

Users' personal home folders are located under the homes folder. Because ACL works on a basis of permission inheritance, if you set NA permission for a user/group on homes, users will have no access to their personal home folder.

To edit permissions of a shared folder:

  1. Go to Control Panel > Shared Folder.
  2. Select the shared folder whose permissions you wish to edit. Click Edit.
  3. Go to the Permissions tab.
  4. Select one of the following from the drop-down menu:
  5. Check or uncheck the appropriate boxes for each user or group to customize their access permissions for the shared folder:
  6. Click OK to finish.

Note:

Customizing Windows ACL permissions

In addition to the settings described above, you can customize permissions further by following the steps below.

Note:

The below settings cannot be used with the following shared folders: photo, satashare, sdshare, surveillance, usbshare.

To customize permissions:

  1. On the Permissions tab, select the user whose permissions you want to customize. Click anywhere in the Custom column.
  2. Do any of the following in the Permission Editor window to manage ACL permissions for the file or folder:
    1. User or group: Specify the user or group whose permissions you wish customize.
    2. Note:

      The options of Authenticated Users and SYSTEM in the User or group drop-down menu are created in order to match the privilege settings of Windows ACL. Their privilege scopes are as follows:

      • Authenticated Users includes accounts excluded from https and guest.
      • SYSTEM includes accounts in https and anonymous.
    3. Inherit from: For view only. View the information here to see if the permission is inherited (from a parent folder) or explicit (shown as None).
    4. Type: Choose Allow or Deny to grant or deny the permission to the user or group.
    5. Apply to: If you are creating a permission entry for a folder, tick the checkboxes to apply the entry to this folder, the folders (or Child folders) or files (or Child files) in this folder, or all files and folders contained in this folder (or All descendants).
    6. Administration: Tick Read permissions, Change permissions, or Take ownership to specify the user or group's access permission settings for the entry.
    7. Read or Write: Tick the checkboxes in these sections to modify the user or group's permission settings for the file or folder.
  3. Click OK.

ACL permissions could be categorized as follows:

About permission inheritance:

ACL permissions are inherited from parent objects to child objects. For instance, if an ACL entry of the "sales" folder grants the "Read" permission to the user "Amy", then the ACL entry will be applied to all files within the "sales" folder (such as "annual report.xls"), allowing the user to open the files. Inherited permissions will be displayed in gray, whereas the object's own permissions (or "explicit" permissions) will be displayed in black.

Note: