Home > Storage > PowerScale (Isilon) > Product Documentation > Storage (general) > PowerScale OneFS Permission Repair Job > Architecture
The OneFS PermissionRepair job provides an automated way to fix access controls across a dataset. This remediation option can be invaluable for several scenarios including access controls breaking due to inheritable permissions being set incorrectly, user changes, identity management changes, and so on.
The job contains three execution options, or modes, depending on the resolution required:
Mode | Usage |
Clone | Used when a directory tree with a large file count requires a new set of permissions, such as switching from POSIX mode bits to Windows access control lists (ACLs) |
Convert | Used to modify the on-disk identity type and permission settings, such as converting a directory path to a UNIX identity type |
Inherit | Typically used whenever an inherited access control entry (ACE) is added to an existing directory tree |
The PermissionRepair job is run against a target that can be a file or directory under /ifs. Depending on the job mode, Permission Repair enables:
In contrast to the UNIX chmod command, Permission Repair is considerably more efficient. It performs its operations in parallel across all nodes in the cluster (although using the same system calls that the chmod command uses). As such, Permission Repair is a faster way to effect large-scale permissions changes across a sizable directory tree.
It changes permissions by using the OneFS Job Engine as its execution framework. The Job Engine runs across all nodes of the cluster and is responsible for dividing and conquering large storage management and protection tasks. To achieve this goal, it reduces a task into smaller work items and then allocates, or maps, these portions of the overall job to multiple worker threads on each node. Progress is tracked and reported throughout job execution, and a detailed report and status is presented upon completion or termination.