A clean account model makes permissions predictable and audits painless. Use groups for policy and keep admin access rare.

See Synology NAS range

Explore models suited to home, creators, and small business in Australia.

Browse Synology

Talk to a specialist

Get sizing and compatibility advice for your workload.

Contact us

Overview

Synology DSM permissions are easiest to manage when users belong to clear groups and folders are owned by those groups. Avoid one off overrides that drift over time.

Principles to follow

Design once, then apply consistently.

  • Least privilege - grant only what users need
  • Groups over individuals - assign rights to groups, add users to groups
  • Separation of duties - limit admin rights to a few named accounts

Create groups by role

Groups describe what a person does, not who they are.

  • Department groups such as Design, Accounts, and Operations
  • Project groups for time bound work that can be removed later
  • Service groups for packages that need restricted access

Map groups to folders

Keep ownership predictable and reviewable.

  • One primary owner group per shared folder
  • Read only groups for company wide reference folders
  • Use recycle bins and snapshots per share for recovery

Admin policy and break glass

Hold admin access like a fire extinguisher: available, but rarely used.

  • Create named admin accounts and disable the default admin
  • Keep a sealed break glass account with strong credentials
  • Log in as admin only to change settings, not for daily work

Onboarding and offboarding

Document a fast, repeatable flow so nothing is missed.

  • Template new users with default group membership
  • Auto create home folders with sensible quotas if required
  • On exit, disable accounts, archive home data, and remove group access

Directory services options

Choose how identities are managed.

  • Local DSM directory for small teams
  • LDAP or Active Directory for larger sites or mixed platforms
  • Use SSO where supported by packages

Audits and reviews

Light routines keep permissions healthy.

  • Quarterly review of group membership and admin accounts
  • Export permissions for critical shares and check for drift
  • Rotate service account passwords on a schedule

FAQs

Helpful clarifications for setup and policy.

  • Should each person be in many groups - keep it minimal and purposeful
  • Can we nest groups - keep nesting shallow to avoid confusion
  • Do we need 2FA for all - require it for admins and power users

Need technical support or more detailed guidance? Please contact Synology via our Synology Support – Australia page. It includes ticket, Live Chat, warranty and downloads links.

© 2025 NAS Marketplace