
Access Basics

This article applies to: Shared File Services

  • Access to SFS shares will be restricted to on-campus IP addresses (including VPN).
  • No encryption is built into the SFS service. Customers can use their own encryption tools to encrypt their data (cf. Policy 5.3, Use of Escrowed Encryption Keys).*
  • CIFS shares will reside in the Cornell Active Directory (AD) domain and can be presented through Cornell AD’s DFS namespace.
    • CIFS volumes have an inherited, recursive ACL entry of "(OI)(CI)F" (Full Control, inherited by files and subfolders) for the Cornell AD group you specify for “administrative” purposes.
    • End-users should be in different (non-administrative) Cornell AD groups.
    • End-users should never be granted ‘Full Control’.  
    • The “everyone” group is removed.
    • SFS administrators have no ACLs on your volume.
  • NFS shares can be restricted to a list of explicit servers, as defined by the customer when submitting a request (or change) for an NFS share.

* HIPAA shares utilize encryption for data-in-flight. Data is not encrypted at-rest on SFS.
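
An added example (not part of the original article or of Cornell's tooling): a Python check that audits ACE lines, written in the "(OI)(CI)F" notation used above, against the CIFS rules in the list. The group names and sample ACL are constructed placeholders, and the input is assumed to be `cacls`/`icacls` output with the path prefix removed.

```python
import re

# Constructed ACE lines in the style of cacls/icacls output, path prefix removed.
# Group names are placeholders, not real Cornell AD groups.
SAMPLE = r"""
CORNELL\example-sfs-admins:(OI)(CI)F
CORNELL\example-lab-users:(OI)(CI)(M)
CORNELL\example-lab-leads:(I)(OI)(CI)(F)
Everyone:(OI)(CI)(RX)
"""

INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}

def parse_ace(line):
    """Return (account, flags, perms) for 'ACCOUNT:(OI)(CI)F', or None."""
    account, sep, rights = line.strip().partition(":")
    if not sep or not account:
        return None
    # Handles both '(OI)(CI)F' (cacls) and '(OI)(CI)(F)' / '(RX,W)' (icacls).
    tokens = {t.upper() for t in re.findall(r"[A-Za-z]+", rights)}
    return account.strip(), tokens & INHERIT_FLAGS, tokens - INHERIT_FLAGS

def audit(acl_text, admin_group):
    """Check ACEs against the share rules listed above; return findings."""
    findings, admin_ok = [], False
    for line in acl_text.splitlines():
        ace = parse_ace(line)
        if ace is None:
            continue
        account, flags, perms = ace
        if "DENY" in perms:  # icacls marks deny entries with (DENY); they grant nothing
            continue
        is_admin = account.lower() == admin_group.lower()
        if account.lower() == "everyone":
            findings.append((account, "Everyone group present"))
        if "F" in perms and is_admin and {"OI", "CI"} <= flags:
            admin_ok = True
        elif "F" in perms and not is_admin:
            findings.append((account, "Full Control for non-admin group"))
    if not admin_ok:
        findings.append((admin_group, "admin group lacks (OI)(CI)F"))
    return findings

if __name__ == "__main__":
    for account, issue in audit(SAMPLE, r"CORNELL\example-sfs-admins"):
        print(f"{account}: {issue}")
```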

About this Article

Last updated: Friday, July 10, 2020 - 9:33am
