QNAP Features: Privileges
Well-rounded user privilege design for centralized account management and authentication
While managing a NAS system, a flexible and well-rounded user privilege design is the key to achieve high productivity of IT administrations while maintaining file security so files of different security levels are always accessed by the right persons.
QNAP Turbo NAS provides numerous functions for privilege setup, including shared folder access control, user home folders, Windows ACL, Windows AD and LDAP directory services, and RADIUS Server, maximizing the benefits of centralized account management and authentication for network access.
Shared Folder Access Control:
- Web-based interface
- Windows AD integration
- LDAP directory integration
Flexibly assign access rights for users
Creating shared folders for different workgroups and assigning proper privileges for users and groups is an important duty of IT administrators. A well designed interface will help minimize the efforts spent on it. The Turbo NAS provides an easy way to finish the settings on the web-based interface. It can also be joined to Windows AD domain or LDAP directories for convenient user accounts import and access control.
User Home Folders:
- Automatic process
- Improved efficiency for administrators
- Personal folder for users
Automatic process
Without user home folders, it takes IT administrators a long time to create personal folders for each individual user, one by one, on the Turbo NAS. Now, the user home folders feature removes the lengthy process and makes the work extremely efficient. With the user home folders feature turned on, a personal folder will be created automatically when a user logs on to the Turbo NAS for the first time.
Improved efficiency for administrators
With user home folders feature, unnecessary repetition of creating folders and setting permissions for each local user and domain user can be omitted for IT administrators. It saves time and efforts. All user home folders are organized in the “homes” folder that appears to IT administrators, allowing convenient user data backup.
Personal folder for users
The “home” folder is designed for providing a private storage space for each user to store or back up non-collaborative files. User’s home folder can be automatically mapped as a drive letter in the Windows AD environment for easy access.
Windows ACL:
- Setup directly on Windows Explorer
- Simplifies privileges settings in large scale businesses
The Turbo NAS supports Windows ACL, enabling IT administrators to easily leverage the Windows system usage experience to the Turbo NAS for shared folder permission settings and access control. It allows sophisticated shared folder permission settings and thus simplifies IT management for businesses with a large number of users.
By enabling Windows ACL support, the basic permission and 13 advanced permissions can be set up from the Windows Explorer and sync to the Turbo NAS shared folder permission setting. Not only sub-folder permission is supported, but also are the file-level privilege settings. In addition, the same permissions apply to AFP, FTP, File Manager and Samba when Advanced Folder Permissions is enabled at the same time.
Windows Active Directory (AD):
- Windows AD support
- Domain user home
Centralized access right verification
In business environments, there usually exist different servers of different functions. Typically, it requires separate access right for users to log into each server. While people come and go or new servers are integrated to the network, productivity of IT administrators is usually declining because of the increasing tasks of dealing with the tedious and redundant privilege settings for the changes.
The Turbo NAS can be easily joined to Windows AD for efficient user account management. The domain users can enjoy using the same Windows AD account name and password to connect to different Turbo NAS on the local network, and IT administrators can benefit from the centralized access right verification, thus able to save precious time for other more important tasks. The Turbo NAS supports large-scale AD deployment of up to 200,000 AD users and groups.
Domain user home
For Windows AD domain users, a user home folder can be created through enabling user home service for domain users. After that, each domain user can have a private folder for personal file storage and backup when logging into the Turbo NAS. The user home folder feature also benefits IT administrators with an easy way to backup files of each user.
LDAP Directory Service:
- Supports OpenLDAP
- Supports large amount of users and groups.
Integrating the Turbo NAS into networks that have deployed an LDAP-based directory service such as OpenLDAP is effortless with QNAP’s LDAP protocol support. This greatly simplifies the efforts of managing a large amount of user accounts and brings equivalent convenience that is available for Windows ADS environments.
Works with LDAP-based services
QNAP’s LDAP protocol support allows the Turbo NAS to be added to LDAP-based directory services, such as OpenLDAP. As a result, IT administrators no longer need to create and manage the same user account on each server within the network. Instead, users are authenticated centrally by the LDAP server, and can use the same LDAP account name and password to access any Turbo NAS that has been added the LDAP server, largely reducing IT deployment time and increasing business productivity.
The Turbo NAS as LDAP server
For businesses, setting up an LDAP server usually involves additional expenditures on hardware. Fortunately, a package OpenLDAP is available in the QNAP QPKG Center for turning the Turbo NAS into an LDAP server. Utilizing the same logic, any server that supports LDAP protocol could be added to the LDAP-server-enabled Turbo NAS.
RADIUS Server:
- Centralized account management and authentication for network access
- Supports 802.1x security authentication such as PAP, EAP-TLS/PAP, and EAP-TTLS/PAP
- Web-based management interface
QNAP RADIUS server centralizes and consolidates user authentication by maintaining a list of user accounts that are authorized for remote network access through dial-up equipment, Wi-Fi access point, or VPN connections. IT administrators can easily apply access policies to multiple access points for a fine-grained control of network access.
Centralized user authentication
A RADIUS (Remote Authentication Dial In User Service) server provides centralized authentication and authorization management for computers to connect and use a network service. It is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. The new RADIUS server support allows the Turbo NAS to provide the features a RADIUS server can.