Gate NTFS share ensure behind config

LiamNtfs/C4IT.LIAM.Ntfs.cs

@@ -893,16 +893,24 @@ namespace C4IT.LIAM
             IEnumerable<string> ownerSids,
             IEnumerable<string> readerSids,
             IEnumerable<string> writerSids,
+            bool allowSharePathEnsure = false,
             bool ensureTraverseGroups = false,
             bool whatIf = false)
         {
             var classification = ClassifyPath(folderPath);
-            if (!IsSupportedPermissionManagedPathKind(classification, eNtfsPathKind.Folder, eNtfsPathKind.ClassicShare, eNtfsPathKind.DfsLink))
+            var allowShareKinds = allowSharePathEnsure;
+            if (!IsSupportedPermissionManagedPathKind(
+                classification,
+                allowShareKinds
+                    ? new[] { eNtfsPathKind.Folder, eNtfsPathKind.ClassicShare, eNtfsPathKind.DfsLink }
+                    : new[] { eNtfsPathKind.Folder }))
             {
                 return Task.FromResult(new ResultToken(System.Reflection.MethodBase.GetCurrentMethod().ToString())
                 {
                     resultErrorId = 30008,
-                    resultMessage = $"NTFS permission ensure is only supported for folder and share paths. DFS namespaces and server roots are skipped: {folderPath}"
+                    resultMessage = allowShareKinds
+                        ? $"NTFS permission ensure is only supported for folder and share paths. DFS namespaces and server roots are skipped: {folderPath}"
+                        : $"NTFS permission ensure is only supported for folder paths unless share support is explicitly enabled. Shares, DFS namespaces and server roots are skipped: {folderPath}"
                 });
             }
 

LiamWorkflowActivities/LiamWorkflowRuntime.cs

@@ -198,12 +198,14 @@ namespace LiamWorkflowActivities
                 return result;
             }
 
+            var allowSharePathEnsure = IsAdditionalConfigurationEnabled(provider, "EnsureNtfsPermissionGroupsForShares");
             var token = await ntfsProvider.EnsureMissingPermissionGroupsAsync(
                 folderPath,
                 customTags,
                 NormalizeIdentifierList(ownerSids),
                 NormalizeIdentifierList(readerSids),
                 NormalizeIdentifierList(writerSids),
+                allowSharePathEnsure,
                 ensureTraverseGroups,
                 IsWorkflowWhatIfEnabled(provider));
             if (token == null)
@@ -420,8 +422,9 @@ namespace LiamWorkflowActivities
             if (!IsAdditionalConfigurationEnabled(provider, "EnsureNtfsPermissionGroups"))
                 return true;
 
+            var allowSharePathEnsure = IsAdditionalConfigurationEnabled(provider, "EnsureNtfsPermissionGroupsForShares");
             foreach (var ntfsArea in dataAreas
-                .Where(dataArea => dataArea is cLiamNtfsFolder || dataArea is cLiamNtfsShare)
+                .Where(dataArea => dataArea is cLiamNtfsFolder || allowSharePathEnsure && dataArea is cLiamNtfsShare)
                 .Cast<cLiamNtfsPermissionDataAreaBase>())
             {
                 var folderPath = ntfsArea.TechnicalName;
@@ -440,6 +443,7 @@ namespace LiamWorkflowActivities
                     null,
                     null,
                     null,
+                    allowSharePathEnsure,
                     false,
                     simulateOnly);
                 if (ensureResult == null)