A bayyane yake karma na shine: aiwatar da ayyuka na yau da kullun ta kowane nau'in hanyoyi marasa mahimmanci. Idan wani yana da hangen nesa daban game da matsalar, don Allah a tattauna ta don a iya magance matsalar.
Wata safiya mai kyau wani aiki mai ban sha'awa ya taso don rarraba haƙƙoƙin ƙungiyoyin masu amfani don hannun jari daban-daban waɗanda ke ƙunshe da manyan fayiloli na ayyuka tare da manyan fayiloli. Komai yayi kyau kuma an rubuta rubutun don sanya haƙƙoƙin manyan fayiloli. Sannan ya zama cewa yakamata kungiyoyin su ƙunshi masu amfani daga yankuna daban-daban, daga dazuzzuka daban-daban (). Bari mu ce rabon da kansa yana kan kafofin watsa labarai na Synology, mai rijista a yankin FB na dajin PSI. Aiki: don ƙyale masu amfani da yanki a wani daji su sami damar yin amfani da abubuwan da ke cikin wannan rabon, kuma zaɓaɓɓu.
Bayan ɗan lokaci, ƙayyadaddun fasaha sun ɗauki nau'i mai zuwa:
- 2 gandun daji: dajin PSI, dajin TG.
- Kowane daji yana da yankuna 3: PSI (ZG, PSI, FB); TG (TG, HU, KC).
- Akwai alaƙar amana tsakanin dazuzzuka; Synology yana ganin duk ƙungiyoyin tsaro a duk gandun daji.
- Hannun jari da manyan fayiloli/ manyan fayiloli dole ne su sami asusun mai gudanarwa na yankin FB tare da haƙƙin FullControl
- Ya kamata a tsara sunayen manyan fayilolin. Gudanarwa ya daidaita ID na aikin; Na yanke shawarar danganta sunan kungiyoyin Tsaro zuwa ID na aikin.
- Dole ne manyan fayilolin aikin a cikin hannun jarin tsarin su ƙunshi tsarin da aka shirya a gaba a cikin fayil ɗin .xlsx, tare da gata masu dacewa (R/RW/NA, inda NA – babu dama)
- Ya kamata a yiyu a taƙaita haƙƙoƙin masu amfani/mambobin ƙungiyar ɗaya aikin zuwa wasu kundayen adireshi na wannan aikin kawai. Mai yiwuwa mai amfani ba zai sami damar zuwa wasu kundayen adireshi/ayyuka ba, dangane da zama membobin ƙungiya.
- Lokacin ƙirƙirar babban fayil ɗin aiki, ya kamata a ƙirƙiri ƙungiyoyi ta atomatik a cikin wuraren da suka dace tare da sunayen da suka dace da ID na aikin.
Bayanan kula ga ƙayyadaddun fasaha
- Ƙirƙirar alaƙar amana ba a haɗa ta cikin iyakokin ƙayyadaddun fasaha ba
- ID na aikin ya ƙunshi lambobi da haruffan Latin
- Matsayin mai amfani na aikin ga duk yankuna suna da daidaitattun sunaye
- An shirya fayil ɗin .xlsx tare da manyan fayiloli da haƙƙin samun dama (shigarwa matrix) kafin fara aikin gaba ɗaya.
- Lokacin aiwatar da ayyukan, yana yiwuwa a ƙirƙirar ƙungiyoyi masu amfani a cikin yankuna masu dacewa
- Ana samun aiki da kai ta amfani da daidaitattun kayan aikin gudanarwa na Windows na MS
Aiwatar da ƙayyadaddun fasaha
Bayan tsara waɗannan buƙatun, an dakata da dabara don gwada hanyoyin ƙirƙirar kundayen adireshi da ba su haƙƙoƙi. An yi niyya don amfani da PowerShell kawai, don kada ya dagula aikin. Kamar yadda na rubuta a baya, algorithm na rubutun ya yi kama da sauki:
- muna yin rajistar ƙungiyoyi tare da suna da aka samo daga ID na aikin (misali KC40587) da kuma matakan da suka dace da aka ƙayyade a cikin matrix mai shiga: KC40587-EN- na injiniya; KC40587-PM - don manajan samfur, da sauransu.
- muna samun SIDs na ƙungiyoyin da aka ƙirƙira
- yi rajistar babban fayil ɗin aikin da saitin kundayen adireshi masu dacewa (jerin manyan fayiloli ya dogara da rabon da aka ƙirƙira shi kuma aka ayyana shi a cikin matrix samun damar)
- ba da haƙƙoƙi ga ƙungiyoyi don sabbin kundin adireshi na aikin bisa ga matrix samun damar.
Matsalolin da aka fuskanta a mataki na 1:
- rashin fahimtar hanyar tantance matrix mai shiga cikin rubutun (an aiwatar da tsararru mai yawa a yanzu, amma ana neman hanyar cika shi bisa abubuwan da ke cikin fayil ɗin .xlsx / damar matrix)
- rashin yiwuwar saita haƙƙin samun dama a cikin hannun jari na SMB akan faifan synology ta amfani da PoSH (https://social.technet.microsoft.com/Forums/en-US/3f1a949f-0919-46f1-9e10-89256cf07e65/error-using-setacl-on- nas -share?forum=winserverpowershell), saboda wanda lokaci mai yawa ya ɓace kuma dole ne a daidaita komai zuwa rubutun ta amfani da iacls samun damar gyara haƙƙin haƙƙin mallaka, wanda ya buƙaci ƙirƙirar matsakaicin wurin ajiyar rubutu da fayilolin cmd.
A cikin yanayin yanzu, ana sarrafa aiwatar da fayilolin cmd da hannu, dangane da buƙatar yin rijistar babban fayil don aikin.
Har ila yau, ya zama cewa ya kamata a aiwatar da rubutun don yin rajistar ƙungiyoyi a wasu gandun daji (an yi amfani da kalmar Cross-domains), kuma rabon zai iya zama ba kawai 1 zuwa ɗaya ba, amma har ma 1 ga mutane da yawa.
Wannan yana nufin cewa ƙungiyoyi daga wasu gungu-gungu, gami da dajin da ke makwabtaka da su, yanzu na iya da'awar samun dama ga albarkatun kowane yanki. Don cimma daidaito, an yanke shawarar ƙirƙirar tsari mai ma'ana a cikin OU na duk yankuna masu hidima na duk gandun daji (baƙar fata a tsaye). Kamar yadda suke faɗa, a cikin sojojin duk abin da ya kamata ya zama mummuna, amma uniform:
Don haka, lokacin yin rajistar aikin 80XXX a cikin yankin TG, rubutun yana aiwatar da:
1. Ƙirƙirar OU masu dacewa (red horizontal ovals) a cikin wannan yanki da kuma giciye-yanki, wato, wuraren da ma'aikatansu dole ne su sami damar yin amfani da wannan hanya.
2. Cika OU da kungiyoyi masu suna kamar -, Ku:
- yankin SRC_ – yanki-giciye wanda ma'aikatansa za su sami dama ga albarkatun yankin DST
- DST_domain – yankin wanda a haƙiƙa, ya kamata a ba da dama ga albarkatunsa, wato, saboda abin da aka fara komai.
- - lambar aikin
- ROLES – sunayen ayyukan da aka jera a cikin matrix samun damar.
3. karanta tsararrun SIDs na duk ƙungiyoyin duk wuraren da abin ya shafa da adana shi don canja wurin bayanai na gaba zuwa fayil ɗin da ke bayyana haƙƙoƙin takamaiman babban fayil ɗin aikin.
4. tsara fayilolin tushen (parameter / mayar) tare da saitin haƙƙin don amfani da iacKC mai amfani a cikin yanayin fayil mai aiwatarwa "icacKC "as-nasNNKCProjects" / mayar da C: TempKCKC40XXKC40XX.txt"
5. ƙirƙirar fayil ɗin CMD wanda ke haɗa duk iacls da aka ƙaddamar don duk manyan fayilolin aikin
Kamar yadda aka rubuta a baya, ƙaddamar da fayil ɗin da za a iya aiwatarwa ana yin shi da hannu kuma ana yin kimanta sakamakon aiwatarwa da hannu.
Matsalolin da muka fuskanta a ƙarshe:
- idan babban fayil ɗin aikin ya riga ya cika da babban adadin fayiloli, to, gudanar da umarnin iacls akan kundin da ke akwai zai iya ɗaukar lokaci mai yawa, kuma a wasu lokuta ya haifar da gazawa (misali, lokacin da akwai dogayen hanyoyin fayil);
- ban da ma'ajin / maidowa, dole ne mu ƙara layi tare da sigar / sake saiti idan ba a ƙirƙiri manyan fayilolin ba, amma an canza su daga manyan fayilolin da ke da su a baya, tare da haƙƙin gado daga tushen nakasa;
- Dole ne a aiwatar da wani ɓangare na rubutun don ƙirƙirar ƙungiyoyi akan dc na kowane daji, matsalar ta shafi asusun gudanarwa na kowane bishiya.
Ƙarshe gabaɗaya: yana da ban mamaki cewa babu kayan aikin da ke da irin wannan aiki akan kasuwa tukuna. Da alama yana yiwuwa a aiwatar da irin wannan ayyuka bisa tushen hanyar Sharepoint.
Hakanan ba zai iya fahimtar cewa ba zai yiwu a yi amfani da kayan aikin PoSH don saita haƙƙin babban fayil akan na'urorin sinology ba.
Idan ana so, a shirye nake in raba rubutun ta hanyar ƙirƙirar wasu ayyuka akan github, idan kowa yana sha'awar.
source: www.habr.com