Permission Group Overview
A permission group represents a trustlist mechanism. You can add permission group rules to grant permissions to specified source IPs to access the file system, that is, manage the access permissions of visiting clients.
Precautions
By default, you can add up to 20 permission groups to a single user and a single region and add up to 400 permission group rules to each permission group. To increase the permission group quota, you need to submit an order for application.
SFS has a default permission group, which cannot be edited or deleted. The permission rules in the default permission group are all released by default, and cannot be added, edited, or deleted. The default permission group occupies one permission group quota. New file systems are automatically associated with the default permission group.
When the client changes from Read and Write permission to Read-only permission and changes back to Read and Write permission, you need to remount the client.
Creating Permission Groups
1. Log in to the eSurfing Cloud Console, click 
in the upper left corner of the console, and select a region.
2. Select Storage Console > Scalable File Service, click the Permission Group tab, and go to the Permission Group Management page.
3. Click Create Permission Group to configure the name, network type (default: Proprietary Network), and description in the pop-up window.
After completing, click OK. After a few seconds, the permission group page automatically refreshes. If a newly created permission group appears in the list, it means that the creation is successful.
Parameter | Description |
Name | Permission group name. It can only consist of numbers, letters, and hyphens (-). It cannot start with a number or a hyphen (-) and cannot end with a hyphen (-). |
Network Type | Default: Proprietary Network. |
Description | Description of permission management, containing 0-128 characters. |
4. To modify the permission group description, click Modify in the action column on the right side of the Permission Group List.
Adding Permission Group Rules
1. Click the permission group name in the Permission Group List to go to the Permission Group Details page.
2. Click Add Rules to configure rules such as authorized address, read and write permissions, and priority in the pop-up window.
The parameter description is as follows:
Field | Description |
Authorized Address Type | IPv4 and IPv6 are optional. |
Authorized Address (Mandatory) | You can fill in a single IP or a single network segment, such as 10.10.1.123 or 192.168.3.0/24. The default visiting address is *, which means all are allowed. |
Read-write Permission | Read-only or Read and write. When the client changes from the Read and Write permission to Read-only permission and changes it back to the Read and Write permission, you need to remount the client. |
User Permissions | no_root_squash: Non-anonymous Root User. |
Priority | The optional range of Priority is 1-400 and the default value is 1, indicating the highest priority. If the permission of a single IP conflicts with that of an IP within a network segment in the same permission group, the permission with a higher priority applies. The priority cannot be repeated. |
Changing Permission Groups
1. Log in to the eSurfing Cloud Console, click in the upper left corner of the console, and select a region.
2. Select Storage Console > Scalable File Service. Click the file system name to go to the File System Details page.
3. You can see the bound VPC under the VPC tab. In the regions that support permission groups, you can click Change Permission Group at the bottom of the Operation bar.
4. Select a new permission group on the pop-up page, click OK, and complete the change of the permission group.
Editing Permission Group Rules
1. Log in to eSurfing Cloud and go to the Console. Click in the upper-left corner of the console, and select a region.
2. Select Storage Console > Scalable File Service. Select the Permission Group tab, click the permission group name, and go to the Permission Group Rules page.
3. Select the rule to be edited, click Edit at the bottom of the Operation bar, and set the new permission group rule on the pop-up page.
4. Click OK to complete the changing of the permission group rules.
Note:
New file systems are automatically associated with the default permission group. You can change the permission group under the VPC module. Each VPC under each file system can only correspond to one permission group.