Access-Based Enumeration

Access-based Enumeration (ABE) allows for files and folders to be hidden when users do not have list or read permissions to those objects. ABE depends on the proper management of ACLs and care needs to be taken to make sure that inheritance does not open up or lock down directories deep in the share unintentionally.

ABE can be turned on at the share/directory and file-granular level using objectives. The access-based-enumeration objective is pre-created and can be applied easily through the UI.

The objective can be applied at the share-level which means that it cannot be removed further down in the share. If the desire is to enforce ABE for all the folders and file in an entire share, then it is recommended to use a share-level objective.

ABE can also be applied using regular objective expressions at any level within the share. It can be applied at the file level or a sub-directory level, using either the management interface (UI/CLI) or the hstk toolkit.

ABE is also applicable across protocols. When user mapping is properly configured, an NFS mount is also be subject to the same ABE behavior. Users that do not have read permission from NFS will not see the folders or files.