Disallowing users or groups from bypassing directory traverse checking
If you do not want a user to traverse all the directories in the path to a file because the user does not have permissions on the traversed directory, you can remove the SeChangeNotifyPrivilege privilege from local SMB users or groups on storage virtual machines (SVMs).
Before you begin
The local or domain user or group from which privileges will be removed must already exist.About this task
When removing privileges from a domain user or group, ONTAP might validate the domain user or group by contacting the domain controller. The command might fail if ONTAP cannot contact the domain controller.
Example
The following command disallows users that belong to the EXAMPLE\eng
group from bypassing directory traverse checking:
cluster1::> vserver cifs users-and-groups privilege show -vserver vs1
Vserver User or Group Name Privileges
--------- --------------------- -----------------------
vs1 EXAMPLE\eng SeChangeNotifyPrivilege
cluster1::> vserver cifs users-and-groups privilege remove-privilege -vserver vs1
-user-or-group-name EXAMPLE\eng -privileges SeChangeNotifyPrivilege
cluster1::> vserver cifs users-and-groups privilege show -vserver vs1
Vserver User or Group Name Privileges
--------- --------------------- -----------------------
vs1 EXAMPLE\eng -
Give documentation feedback