Home > Storage > PowerScale (Isilon) > Product Documentation > Management and Migration > PowerScale OneFS Authentication, Identity Management, and Authorization > OneFS ACL policies
PowerScale OneFS ACL policies are cluster-wide policies for controlling how permissions are processed and managed. Each policy provides an option to reflect a specific environment or workflow affecting permission change interactions. The previous sections discussed how to change a permission state and how an unintended permission change could have unexpected results. The unexpected results are essentially where ACL policies affect the behavior.
For example, the impacts of ACL policies control the use of chmod for files and chmod +a/-a for setting DACLs. Settings are available for each environment, and the fine-tuning of each setting is also possible. When a different environment is selected, the other ACL settings also change. For most workflows, the Balanced setting is the best option. Because the ACL policies are cluster-wide, the Balanced setting supports a multi-protocol environment evenly, considering both UNIX and Windows.
By default, the environment is set for Balanced, as shown in the following figure:
Figure 33. OneFS ACL policy settings
The options in the top two fields under General ACL Settings change automatically to reflect the environment option selected. For an explanation of each field, see the PowerScale OneFS Web Administration Guide. The focus of this section is on the first two fields under General ACL Settings, which provide the following options:
Note: As with any major update on a PowerScale cluster, practice extreme caution while updating these options because they are cluster-wide and could lead to unexpected and undesired results. Before updating a production cluster, configure a lab environment to learn how ACL policies would affect a specific workflow.