Article Number: 000197022
Dell EMC Unity: After upgrading Unity OE, certain users are unable to access folders that they had previously been able to access. (User Correctable)
Summary: This article describes one of the reasons why some users cannot access some folders after the upgrade and how to resolve it.
Article Content
Symptoms
After upgrading from Unity OE 5.0.x or earlier to 5.1.0 or higher, users are unable to access certain folders.
Access is recovered when the access rights are granted to the relevant user again from the Windows side.
When checking access rights for folders with access problems from Windows or Unity side, SYNCHRONIZE permission is not granted to users who do not have access to the folders.
How to check from Windows side: (By clicking this link, you leave the Dell website)
Download the AccessChk.exe tool from the Microsoft KB and run the command.
https://docs.microsoft.com/en-us/troubleshoot/windows-client/networking/access-denied-access-smb-file-share 
https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk 
Example:
accesschk.exe -ld \\<nas server>\<share>\<folder>
How to check from Unity side:
Log in to the Mgmt IP using ssh as the service user and perform the following service command.
Example:
svc_cifssupport <nas server> -acl -path /<fs_name>/<folder>/<sub-folder> -v
Cause
Without SYNCHRONIZE access control entries, access was not allowed on Windows Server, but was allowed in versions prior to Unity OE 5.1.0.
Unity OE 5.1.0 has been corrected to behavior the same as Windows, which caused some previously accessible objects to become inaccessible after the upgrade.
UNITYD-39198/UNITYD-40676
Security Unity permission handling differs from Windows Server.
Resolution
To resolve this the better way is to grant a user the SYNCHRONIZE permission.
An alternative is to change parameters to revert to previous behavior.
NOTE: Parameter setting changes are reflected immediately.
It is NOT necessary to restart the NAS Server or reboot the SP.
<Parameter change only for specific NAS server>
svc_nas <nas_server> -param -f cifs -m ignoreSynchronizeMask -v 1
<Parameter change for ALL NAS server>
svc_nas ALL -param -f cifs -m ignoreSynchronizeMask -v 1
<Check current parameter settings>
svc_nas <nas_server> -param -f cifs -i ignoreSynchronizeMask -v
<nas_server> :
name = ignoreSynchronizeMask
facility_name = cifs
default_value = 0
current_value = 0
configured_value = 0
param_type = NAS server
user_action = none
change_effective = immediate
range = (0,1)
description = Boolean value to check/ignore SYNCHRONIZE access mask permissions in the requests.
detailed_description
This parameter is used to check/ignore SYNCHRONIZE access mask permissions. Set param cifs ignoreSynchronizeMask=<value>
0 check SYNCHRONIZE access mask permission for object
1 ignore SYNCHRONIZE access mask permission for object <== Previous behavior.
Article Properties
Affected Product
Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 500
, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Unity All Flash, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid, Unity Hybrid flash, Dell Unity Operating Environment (OE), UnityVSA, Dell EMC UnityVSA Professional Edition/Unity Cloud Edition
...
Last Published Date
14 Mar 2024
Version
5
Article Type
Solution