User Directories and Access Control

The right people access the right data. Every time.

Precise role-based permissions. Real-time quotas. Cryptographically isolated tenants. Qumulo puts you in complete control of who accesses what, across your entire hybrid cloud environment, without adding operational complexity.

Read the Security Whitepaper See it in Action

The right people access the right data. Every time.

Built for Control. Designed for Security.

Zero-Trust

security posture enforced across every deployment, cloud and on-prem

Real-Time

quota enforcement and access evaluation, with no performance penalty

100%

audit coverage with native logging across all user and API activity

Control without complexity. Security without slowdown.

Protecting sensitive unstructured data shouldn’t require a team of specialists or a tangle of custom scripts. Qumulo delivers a complete governance layer out of the box: granular permissions, instant quotas, and multi-tenancy that's cryptographically enforced, not just policy-based.

Granular Permissions

Restrict file and API access with precision using role-based policies. Every request is evaluated in real time against the user's role, not just a static ACL.

Instant Quotas

Enforce capacity limits the moment they are set. No runaway data growth, no surprise storage bills, and no manual intervention required.

Complete Audit Visibility

Every file access, permission change, and API call is logged natively. Your audit trail is always complete, always current, and always ready for review.

Enterprise-grade access control, built for how your business actually operates.

From cryptographic multi-tenancy to dynamic share restrictions, Qumulo handles the access scenarios that matter most to security, compliance, and operations teams.

Cryptographic Multi-Tenancy

Isolate internal departments or external partners into fully secured enclaves. Each tenant receives unique encryption keys through Qumulo Stratus, making their data mathematically invisible to every other user on the shared storage core. This is zero-trust isolation, not just policy separation.

Centralized Identity Integration

Connect to your existing directory services, Active Directory, LDAP, and Microsoft Entra ID, without rearchitecting your environment. SSO and MFA are enforced consistently across every Qumulo deployment, whether on-prem, in AWS, Azure, or Google Cloud.

Dynamic SMB Share Restrictions

Access Based Enumeration ensures users only see the files and shares they are explicitly authorized to access. Sensitive directories stay invisible to unauthorized users, not just inaccessible. This closes the gap between what users can see and what they should see.

Unified Global Policy Management

Manage every access rule, quota, and security protocol from a single control plane through Qumulo Nexus. One interface governs your entire data estate, regardless of where the data physically lives. No per-cluster management, no policy drift, no blind spots.

One control plane. Every user. Every location.

Integrate Active Directory, LDAP, or Entra ID with no changes to your existing directory infrastructure. RBAC policies are deployed instantly and apply across every Qumulo deployment from a single configuration.
When a user requests access to a file, Qumulo evaluates their role, quota limits, and share permissions simultaneously. Decisions are made in milliseconds, with no latency added to the data path.
For environments requiring strict isolation, Qumulo Stratus encrypts each tenant's data with dedicated keysets before it reaches the shared storage core. Infrastructure is shared. Data privacy is absolute.
All access rules, quotas, and security policies are visible and manageable from one interface. Whether your data is on-prem or spread across multiple clouds, Nexus keeps your entire policy set consistent and auditable.