Note:  a valid support contract is required to receive any and all software updates.  Please check with support or your sales rep for the current support contract status.  Before reading, you need a site admin capable of setting permissions at the file/folder level and managing those settings.  So this feature is not for everyone and requires a permissions admin.


Samba Access Based Enumeration (ABE) is a feature in Samba that allows administrators to restrict the visibility of files and directories based on user permissions. With ABE, users can only see files and directories that they have access to, and any files or directories they do not have permission to access will be hidden from view. This feature can improve security and simplify file system navigation for users by reducing clutter and preventing unauthorized access to sensitive information.


First, ensure your NX2/ZX is at up29r3 or higher.  Then contact support to get the download for the small update (SU) for ABE.  Install the SU and reboot for it to take effect.  Test it in your environment.  


We will use an example to show its use.  The media volume has a lot of read-only folders to decrease clutter and increase security.  The read-only folders are still visible but no one with read-only access can traverse into the folders.  



Log into the NX2/ZX.  Go to Storage -> Pools -> Shares -> and pull down the file system for which you want to turn on ABE for a given share.




Pull down the "Options" and select Protocols


You have a new Access Based Enumeration check box.  Turn on and hit apply


Unmount and remount the share(s). The read-only items will be purged from all mounts that don't have read/write access.  In our example, the "media" drive looks blank because the logged-in user has read-only access to all of its contents except the Unity Attic folder.



After an admin supplies read/write access to the folder SL-M10001-mac3test1 it shows up for the user.  Putting the folder back to read-only makes the folder disappear.  


Share enumeration is not for everyone as setting folder-level permissions requires a site admin capable of that task.