Permissions can be set based on:
- Users (including a guest access option)
- Groups
- Gateways
There are available three permission levels:
- Read/Write (RW)
- Read-Only (RO)
- No Access (NO)
The access permission for a particular user will be determined by the most restrictive permission control. For example, if a user has Read/Write permission to a share, but the gateway has Read-Only access to the share, then the user will only be able to read.
User and Group Permissions
Set the SMB share access permissions by users and groups.
Note: In Active Directory, Microsoft Entra ID, Microsoft Entra Domain Services, On-Prem LDAP, and IDaaS modes, admins must first import users and groups before they will appear in this tab.
Default Access
The permissions for all users in the system.
Read/Write | Users can read and write files to the share. Users must be authenticated to access the share. Admins can add users/groups to a Read Only exclusion list. |
Read Only | Users can read files from the share. Users must be authenticated to access the share. Admins can add users/groups to a Read/Write exclusion list. |
No Access | Users cannot see the share. Admins can add users/groups to Read Only and Read/Write exclusion lists. |
Allow Guest Access
If Allow Guest Access is enabled, users that log in with a non-existent account will automatically be allowed access to the share as the guest user.
Exception List
Use exceptions to set Read/Write or Read-Only access for specific users and groups. By default, both users and groups are listed in this section. You may filter the list by name or by type (User, Group, or All).
Forbid Share Link
Prevents the user from sharing links to files using the sharing option in the Files section.
Edit Gateway Permissions
Set which gateway has access to the share. By restricting gateway permissions, you can create access restrictions based on location.
Sync Share
Gateway
In firmware version 8.0 and later, Team Portal access control has been split into two options: "Team Portal - Management" and "Team Portal - Operation".
"Team Portal - Management" controls access to share management options.
"Team Portal - Operation" controls access to files through the web interface.
Access
The Access column sets the access permissions for shares. The available options are:
- Read/Write (RW)
- Read-Only (RO)
- No Access (NO)
"Team Portal - Management" has the following access settings available: "NO" and "RW".
"Team Portal – Operation" has the following access settings available: "NO", "RO", and "RW".
Prefetch
Check the Prefetch box to force the gateway to download all new and modified files immediately. This allows a user to access new and modified files from the local cache without waiting for a download from the cloud. If prefetch is not enabled, files that are not in the cache will not be downloaded until they are accessed.
Replicate Share
Source Gateway
The source gateway has Read/Write permission for the share.
Additional Destinations
In firmware version 8.0 and later, Team Portal access control has been split into two options: "Team Portal - Management" and "Team Portal - Operation".
"Team Portal - Management" controls access to share management options.
"Team Portal - Operation" controls access to files through the web interface.
The other options available are:
- Access - Check the Access box to grant Read-Only permission to the gateway for the share.
- Prefetch - Check the Prefetch box to force the gateway to download all new and modified files immediately. This allows a user to access new and modified files from the local cache without waiting for a download from the cloud. If prefetch is not enabled, files that are not in the cache will not be downloaded until they are accessed.
Archive Share
Source gateway
Source gateway has Read/Write permission for the share.
Add a Hot Standby device for Archive share
For Archive shares, you can add a hot standby device to an existing source gateway for high availability (HA). With hot standby, the source gateway will transfer files to the standby device in addition to uploading to the cloud. The hot standby device can replace the source gateway without the need to download files from the cloud.
When replacing the current source gateway with the hot standby device:
- If the current source gateway is online, select the hot standby device in the Source Gateway dropdown to set it as the new source gateway.
- If the current source gateway is offline, bring it online, then select the hot standby device in the Source Gateway dropdown to set it as the new source gateway.
- If the current source gateway cannot be brought online (hardware issues, etc.), delete the current source gateway device from your Morro account, then select the hot standby device in the Source Gateway dropdown to set it as the new source gateway.
The other options available are:
- Access - Check the Access box to add a hot standby device for the current source device, hot standby device has Read-Only permission for the share.
- Prefetch - When the Prefetch box is checked, the source gateway will transfer the real files (not stub files) to the hot standby device when an archive job starts. Otherwise, the source gateway transfers only the stub files to the hot standby device to conserve space on the hot standby device.
Please note that only one device can be designated as the hot standby device, and this device must be on the same network as the current source gateway.