Specifying Replication Direction and Mode (ACL Manager)

The WAFS ACL Manager allows you to replicate the Windows security settings for all files and sub-folders in the displayed linked folder between Agents. For each Job, one Agent must be selected as the Source, and its ACLs will be inherited by the Job on all other Agents linked to the same Job.

To specify replication direction and mode

  1. Open the WAFS Agent Manager and click a Job in the tree.

  2. Click the ACL Manager tab.

  3. In the Replication Direction area, specify whether the current Agent is the master (Source) or the slave Agent (Target) that receives the data. If your replication mode is unidirectional (CDP), the direction of the ACL copy is automatically set from master to backup slave.

  4. In the Replication Mode area, do one of the following:

  5. Click Save to save the changes or Restore to clear your changes.

If you specified Automatic replication

After each ACL check, the source Agent calculates the time it took to process the ACL, multiplies that duration by a specified factor (30 by default), compares the result to the cycle time defined in the ACL Manager Advanced Options dialog box, and uses the larger of the two values as the new cycle time. A similar calculation occurs on the target. You can change the default values in the ACL Manager Advanced Options dialog box:

  1. Click Advanced Options. The ACL Manager Advanced Options dialog box appears.

  2. In the Source Cycle box, specify how often the source Agent should check for ACL changes.

  3. In the Source Factor box, specify the multiplier.

  4. In the Target Cycle box, specify how often the target Agent should check for ACL changes.

  5. In the Target Factor box, specify the multiplier.

  6. Click OK to save changes.

 

Setting the ACL in Windows

An ACL (access control list) is a property of every file and folder in Microsoft's NTFS file system. An access control entry (ACE) is an element in an ACL. The ACL allows an administrator to limit access to given files to a selected group of users. The ACLs of a file or folder can be set in Windows Explorer from the file or folder's Security tab, which can be accessed by right-clicking the file or folder.

Make sure no shares have been set to the Windows 2003 default "read-only" (look in the Share tab); otherwise, the share setting will override the permissions you set in the Security tab.

WAFS/CDP fully supports ACLs; therefore, you can set the security of each file (i.e., set the access rights) exactly like in NTFS on the file or folder's Security tab.

Because the software runs under SYSTEM account credentials, the "user" SYSTEM must have full access rights to the replicated files and folders. On the file or folder's Security tab, make sure SYSTEM is listed with full control. Failure to give the SYSTEM account full control of every file and folder results in users or applications not being able to access, move, or otherwise modify these files and folders.

To grant Full access to Everyone

  1. In Windows Explorer, right-click the top-level folder of the Job, then click Properties.

  2. The Properties dialog box appears. Click the Security tab.

  3. Allow full control to Everyone and to SYSTEM.

  4. Select Advanced, choose Replace permissions entries on all child objects, then click OK.  

    For example, suppose you create a new folder in a Job and want to give users jsmith and jjones full access to the folder and to all the files that will be stored in it. In NTFS, you would open the Security tab, then add users jsmith and jjones. You would do exactly the same thing with the WAFS folders, but you must also include the "user" SYSTEM and give it full access.

If you want to limit access to a selected group, instead of Everyone, you would have to include the list of users and groups that are allowed to access the volume; ensure SYSTEM is included and has full control on every file and folder.
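
Whether you grant access to Everyone or to a selected group, the requirement that SYSTEM has full control on every file and folder can be checked with a script. The following PowerShell audit is an added example, not part of the WAFS product or its documentation; the function name Test-SystemFullControl and the path D:\WAFS\JobFolder are hypothetical placeholders.

```powershell
# Added example: list items in a Job folder where SYSTEM is not listed with Full Control.
# It checks only ACEs that name SYSTEM directly (what the Security tab shows for SYSTEM),
# not access SYSTEM might obtain through group entries.
function Test-SystemFullControl {
    param(
        [Parameter(Mandatory)] [string] $Path   # top-level folder of the Job
    )
    $systemSid   = 'S-1-5-18'   # well-known SID of the SYSTEM account (locale-independent)
    $full        = [System.Security.AccessControl.FileSystemRights]::FullControl
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    # The top-level folder itself plus everything beneath it, hidden items included.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            [pscustomobject]@{ Path = $item.FullName; Problem = "ACL unreadable: $($_.Exception.Message)" }
            continue
        }
        # Explicit and inherited ACEs, identities returned as SIDs.
        # Inherit-only ACEs do not apply to the object that carries them, so skip those.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
                 Where-Object { $_.IdentityReference.Value -eq $systemSid -and
                                -not $_.PropagationFlags.HasFlag($inheritOnly) }

        $allowFull = $rules | Where-Object { $_.AccessControlType -eq 'Allow' -and
                                             ($_.FileSystemRights -band $full) -eq $full }
        $deny      = $rules | Where-Object { $_.AccessControlType -eq 'Deny' }

        if (-not $allowFull) {
            [pscustomobject]@{ Path = $item.FullName; Problem = 'SYSTEM has no Allow Full Control entry' }
        } elseif ($deny) {
            [pscustomobject]@{ Path = $item.FullName; Problem = 'A Deny entry for SYSTEM is present' }
        }
    }
}

# Placeholder path (assumption); an empty result means every item lists SYSTEM with Full Control.
Test-SystemFullControl -Path 'D:\WAFS\JobFolder' | Format-Table -AutoSize -Wrap
```

Run it from an elevated session on the Agent that hosts the folder, so that items with restrictive ACLs are reported rather than skipped as unreadable.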