ONTAP 9 Manuals ( CA08871-402 )

Local users and groups concepts

You should know what local users and groups are, and some basic information about them, before determining whether to configure and use local users and groups in your environment.

  • Local user

    A user account with a unique security identifier (SID) that has visibility only on the storage virtual machine (SVM) on which it is created. Local user accounts have a set of attributes, including user name and SID. A local user account authenticates locally on the CIFS server using NTLM authentication.

    User accounts have several uses:

    • Used to grant User Rights Management privileges to a user.

    • Used to control share-level and file-level access to file and folder resources that the SVM owns.

  • Local group

    A group with a unique SID has visibility only on the SVM on which it is created. Groups contain a set of members. Members can be local users, domain users, domain groups, and domain machine accounts. Groups can be created, modified, or deleted.

    Groups have several uses:

    • Used to grant User Rights Management privileges to its members.

    • Used to control share-level and file-level access to file and folder resources that the SVM owns.

  • Local domain

    A domain that has local scope, which is bounded by the SVM. The local domain’s name is the CIFS server name. Local users and groups are contained within the local domain.

  • Security identifier (SID)

    A SID is a variable-length numeric value that identifies Windows-style security principals. For example, a typical SID takes the following form: S-1-5-21-3139654847-1303905135-2517279418-123456.

  • NTLM authentication

    A Microsoft Windows security method used to authenticate users on a CIFS server.

  • Cluster replicated database (RDB)

    A replicated database with an instance on each node in a cluster. Local user and group objects are stored in the RDB.

Top of Page