Enabling Access-Based Enumeration for a share

The access-based enumeration (ABE) feature filters directory content based on the access granted to the user who is browsing the directory. This feature is compatible with the Windows ABE feature.

When ABE filtering is enabled, you see only the files and directories to which you have access. This behavior has the following benefits:

  • Finding files in directories that contain many files is easier because the number of files shown in the listing is reduced.

  • An “out-of-sight, out-of-mind” policy is implemented.

ABE filtering is managed on a per-share basis by using the zfs command to set the Boolean abe property. See the zfs_share(8) man page.

ABE filtering is also supported on autohome shares. See the smbautohome(5) man page.

When abe=on, ABE filtering is enabled on the share. Any directory entries to which you have no access are omitted from directory listings. When abe=off or is not defined, ABE filtering is not performed on the share. By default, the abe property is set to off.


With ABE filtering enabled, you still might see files in a directory listing that you cannot open. For example, if you have the ability to read the attributes of a file, ABE filtering shows the file in the directory listing, but you will be denied access if you attempt to open the file for reading or writing. Also, user privileges might result in files being shown even though the ACL appears to deny all access.