Once a token is generated for a user, OneFS uses the token’s contents to assign an On-Disk Identity. The identity is used when the file is created or when file ownership changes, affecting the file permissions. In a single-protocol environment, determining the On-Disk Identity is simple because Windows uses SIDs and Linux uses UIDs. However, in a multi-protocol environment, only one identity is stored, and the challenge is determining which one is stored.
By default, the On-Disk Identity policy is set to Native mode. Under Native mode, OneFS stores whichever of the SID and UID is a real value. If both the SID and UID are real values, OneFS selects the UID. The On-Disk Identity policy is configurable from the user interface, as shown in the following figure:
Figure 16. Configuring the On-Disk Identity policy
The On-Disk Identity should typically remain in Native mode, which is the best option for most environments. If a fake, locally generated value is used for a file permission, the original user no longer has access to the file once that file is sent to another cluster. Instead, another user would have access to the file, because the fake values are distributed again starting from 1 million. When the real value is used for the On-Disk Identity, file access remains relative to the authentication provider, which keeps the file portable and provides a consistent experience.
Reverting to the previous example of viewing an access token, the On-Disk Identity is also visible, as shown in the following figure:
Figure 17. On-Disk Identity example
In this figure, the UID is set to 100000, which is a fake, locally generated value. The SID contains a full string and is a real value from Active Directory. Because the policy is configured for Native mode, the real value of the two, here the SID, is used as the On-Disk Identity, ensuring file portability and consistency as the file moves to another cluster or system.
The following table lists the On-Disk Identity in Native mode for various authentication providers:
| Authentication provider | SID | UID | On-Disk Identity |
| --- | --- | --- | --- |
| Active Directory | Real-AD | Fake | SID |
| LDAP | Fake | Real-LDAP | UID |
| Active Directory Mapping LDAP | Real-AD | Real-LDAP | UID |
| Active Directory with RFC 2307 | Real-AD | Real-LDAP | UID |
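
The portability argument and the Native mode rule above, as an added Python model (not OneFS code and not from Dell): two clusters each hand out fake UIDs from the 1 million base, and a file written on the first is resolved on the second. The Cluster class, the sequential allocation, the user names, and the SIDs are constructed assumptions.

```python
from dataclasses import dataclass, field

FAKE_UID_BASE = 1_000_000  # the page: fake values are handed out starting from 1 million

# Constructed sample data: SIDs as the shared Active Directory would report them.
AD_SIDS = {"alice": "S-1-5-21-1111-2222-3333-1105",
           "bob": "S-1-5-21-1111-2222-3333-1106"}

@dataclass
class Cluster:
    """Hypothetical model of one cluster's pool of locally generated UIDs."""
    name: str
    fake_uids: dict = field(default_factory=dict)  # user -> fake UID

    def fake_uid(self, user):
        # Assumption: fake UIDs are issued sequentially, per cluster, on first use.
        return self.fake_uids.setdefault(user, FAKE_UID_BASE + len(self.fake_uids))

    def resolve(self, kind, value):
        """Map a stored on-disk identity back to a user name on this cluster."""
        if kind == "SID":  # real value: answered by the authentication provider
            return next((u for u, s in AD_SIDS.items() if s == value), None)
        # Fake UID: only this cluster's local pool knows it (real LDAP UIDs not modelled).
        return next((u for u, n in self.fake_uids.items() if n == value), None)

def native_on_disk(real_sid=None, real_uid=None):
    """Native mode as described above: store the real value; UID wins if both are real."""
    if real_uid is not None:
        return ("UID", real_uid)
    if real_sid is not None:
        return ("SID", real_sid)
    raise ValueError("no real SID or UID; the page does not cover this case")

def owner_after_move(stored, destination):
    """Who the stored identity resolves to once the file lands on another cluster."""
    return destination.resolve(*stored)

def demo():
    a, b = Cluster("cluster-a"), Cluster("cluster-b")
    a.fake_uid("alice")   # alice is first on A -> 1000000
    b.fake_uid("bob")     # bob is first on B   -> 1000000
    b.fake_uid("alice")   # alice is second on B -> 1000001
    native = native_on_disk(real_sid=AD_SIDS["alice"])  # AD only: the UID is fake
    fake = ("UID", a.fake_uids["alice"])                # what Native mode avoids
    return owner_after_move(native, b), owner_after_move(fake, b)

if __name__ == "__main__":
    print(demo())
```

With the real SID on disk the file still resolves to alice on the second cluster; with the fake UID on disk the same file resolves to bob.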
A file’s On-Disk Identity is confirmed using the PowerScale CLI commands ls -le <filename> and ls -len <filename>. The ls -le command lists the usernames, and ls -len lists the actual On-Disk UID or SID identities. The following figure shows an example of an On-Disk UID:
Figure 18. On-Disk UID
The following figure shows an example of an On-Disk SID:
Figure 19. On-Disk SID