Re: How to restrict access to just Files, not Folders
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 01/31/05
- Next message: Steven L Umbach: "Re: How to restrict access to just Files, not Folders"
- Previous message: Desmond Lee: "Re: Patch Management"
- In reply to: Steven L Umbach: "Re: How to restrict access to just Files, not Folders"
- Next in thread: Steven L Umbach: "Re: How to restrict access to just Files, not Folders"
- Reply: Steven L Umbach: "Re: How to restrict access to just Files, not Folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 30 Jan 2005 20:34:15 -0700
I am in total agreement on always finding a way to avoid using
a deny if at all possible.
There is something of an art in finding out how to set advanced,
aka special, permissions with the least frustration and re-attempts.
In example of this post, using only Users group for example, I would
1. set a grant of Modify for Users
2. go to Advanced and change the Modify grant to Files only
3. OK/Apply back to the generic permissions view, and there
set a grant of List folders
There are cases where doing the same things in a different order
causes what has been done to get wiped out because it is implied
in an ACE through which one only temporarily passes if using the
generic permissions dialogue. It can be very frustrating until one
catches on, but so can making sure all the individual checkboxes
of an advanced edit view are in place.
-- Roger "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message news:umI5CsyBFHA.3416@TK2MSFTNGP09.phx.gbl... > It looks like you pretty much did what I suggested with two different > groups though I believe I misunderstood your original post thinking that > you wanted to let users create/modify folders but not files for whatever > reason. You will find that you have great flexibility with advanced > permissions and I usually try to accomplish a configuration without using > deny permissions which tend to complicate things, particularly since an > explicit allow overrides an inherited deny. --- Steve > > > "Tom Gibson" <Tom Gibson@discussions.microsoft.com> wrote in message > news:97E9C963-07EF-4771-91AC-2F56A38AE3DB@microsoft.com... >> to all: thanks for the quick responses. >> I had selected the constraint of Files only, but then my users were not >> permitted to traverse any subfolders. >> >> I had missed the fact that users could be listed in the Advanced page >> more >> than once. I shall have to try that. >> >> My solution: >> Authenticated Users: Traverse Folder / List access - This folder, >> subfolders >> and files >> Folder Admins: Modify - This folder, subfolders and files >> Folder Users: Modify - Files only >> >> Then I reset it for all objects below. >> Now, when for each folder, the files have the permissions required. A >> user >> can add, delete, modify any files. But to traverse the folders, they are >> using the Authenticated Users permissions. >> >> Thanks >> >> "Steven L Umbach" wrote: >> >>> This should work. On the main security page give the group >>> read/list/execute >>> to the folder. Then go into "advanced" permissions and add the group >>> again. >>> Then select "folder and subfolder" in the apply onto box and check all >>> the >>> permissions other than full control and change permissions. What many >>> seem >>> to miss is that a user or group can be listed multiple times in advanced >>> permissions. --- Steve >>> >>> >>> "Tom Gibson" <Tom Gibson@discussions.microsoft.com> wrote in message >>> news:EF4D0033-221C-4201-A893-90C536D34349@microsoft.com... >>> >I want to restrict access to users to be able to create, delete, modify >>> > files, but not folders. >>> > The security options are not granular enough that I can tell. >>> > If I unselect Delete Subfolders and Files AND Delete, then folders >>> > cannot >>> > be >>> > deleted, but either can files. >>> > If I unselect just Delete Subfolders and Files, and leave Delete, then >>> > both >>> > can be deleted. Same is true if just Delete Subfolders and Files is >>> > selected. >>> > >>> > Any recommendations is requested and appreciated. >>> > >>> > Thank you. >>> > >>> > Tom Gibson >>> >>> >>> > >
- Next message: Steven L Umbach: "Re: How to restrict access to just Files, not Folders"
- Previous message: Desmond Lee: "Re: Patch Management"
- In reply to: Steven L Umbach: "Re: How to restrict access to just Files, not Folders"
- Next in thread: Steven L Umbach: "Re: How to restrict access to just Files, not Folders"
- Reply: Steven L Umbach: "Re: How to restrict access to just Files, not Folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
