Home > Storage > PowerScale (Isilon) > Product Documentation > Management and Migration > PowerScale OneFS Authentication, Identity Management, and Authorization > SMB client file access sequence
An SMB client connects to a PowerScale cluster and accesses files in both states, as illustrated in the following figure:
Figure 22. SMB client file access sequence
In the preceding figure, the SMB client connects to the PowerScale cluster, and OneFS issues a token. It is assumed that the token has the correct UID and SID. The SMB client accesses File 1, which is in a POSIX file state. The SMB client does not understand POSIX bits, but the token can still be evaluated against the bits as an access check. To represent the POSIX bits for the SMB client to view File 1 permissions, OneFS generates a synthetic ACL, which is a direct representation of the POSIX bits in ACL form. The synthetic ACL is not saved by OneFS and is only generated when the SMB client accesses the POSIX file.
Next, the SMB client accesses File 2, which is in Real ACL state. The SMB client supports ACL and understands the ACL permissions. In this case, OneFS makes a direct comparison of the SMB client’s token with the Real ACL permissions, as would take place in a single-protocol Microsoft environment.