Authorization The filesystems that are configured in the file-servers.xml file can have access controls applied to restrict access to read, read/write, or no access. The access control blocks can be specified on a per filesystem basis or globally to be applied to all filesystems, or filesystems that do not have their own set of access controls.
The simplest access control block for a filesystem can be used to set the default access :-
When the access control block has any rules defined, the default access may also be specified as None. If an SMB/CIFS client is granted None access to a filesystem, then that filesystem will not appear in the browse list of available shares for that client.
The access control block may contain a number of rules that allow or disallow a particular client access to the filesystem. The rules are processed such that the client receives the highest access level.
The following rules are available :-
<user name='...' access='Read|Write|None'/>
If the user matches name then grant them access access to the filesystem.
Grant access depending on the client TCP/IP address.
<address ip='n.n.n.n' access='Read|Write|None'/>
Grant access to the specified TCP/IP address.
<domain name='...' access='Read|Write|None'/>
Grant access to SMB/CIFS clients from the specified domain.
A global access control block may be specified within the Filesystem Security section of the file-servers.xml configuration file. The global access controls are applied to all filesystems that do not have their own specific access controls. Here is an example :-