Home > Storage > PowerScale (Isilon) > Product Documentation > Management and Migration > PowerScale OneFS Authentication, Identity Management, and Authorization > OneFS Unified Permission Model
Multi-protocol environments introduce new challenges for managing user access and file permissions. Because multi-protocol environments are not governed by an open standard or RFC, each vendor implements multi-protocol with a different approach.
PowerScale OneFS developed the Unified Permission Model to implement multi-protocol support. Using the Unified Permission Model ensures that the permission model remains consistent irrespective of the access protocol. A single model simplifies multi-protocol integration because the access protocol is not considered when comparing users and permissions. From an administrative perspective, only a single model has to be ascertained, rather than several protocol-specific models.
Multi-protocol is not only limited to SMB and NFS. OneFS also supports HTTP, HDFS, S3, and FTP. It is essential to ensure that the permission model remains consistent across all these protocols. Further, the Unified Permission Model accounts for users from different systems with different IDs that may be the same or a different user.
The Unified Permission Model ensures that a common access token is generated for each user at login, representing the user’s persona to the cluster. Once the token is generated, it is evaluated against file permissions to check for access.
Figure 5. Unified Permission Model overview