The goal is: on a folder, users should have permissions to read, create, and modify all files in the folder & subfolders, but users should not have permissions to browse (list files) in the folder or subfolder. Administrators should have full control, including the ability to browse through the folders.
I already know how to do this if I set a deny permission. I want to avoid setting any denies, partly because I've always heard they should be avoided & just about everything can be accomplished without using deny, but the main reason I want to avoid deny is that if I use deny, I then have to maintain a group that includes everyone except users who should have the ability to browse.
I also do not want to bypass traverse checking.
Following the procedure below does exactly what I want (but it uses deny, which I don't want):
On the root folder security:
- In Simple Permissions: Add the UserGroup to the folder and give them Modify
- Go to Advanced Permissions: Add the UserGroup again, Deny List Folder/Read Data, and apply this to folders & subfolders
Background on why I want to do this:
All data files stored in this folder are created by document imaging software. Access permissions to data subdirectories are already set in the docunet imaging system. I don't want users to be able to do anything with this data except by using the document application. Granted, my way of approaching this doesn't completely meet that goal, but it's enough security in this case, especially given that the document imaging application does not reveal the path or filename of the images.
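The two-step procedure described in the question, scripted as an added example that is not part of the original post. The folder path and group name are hypothetical placeholders; "folders & subfolders" is taken to mean the ACL editor's "This folder and subfolders" scope.

```powershell
# Added example. $Path and $Group are constructed placeholders, not values from the post.
$Path  = 'D:\ImagingData'
$Group = 'EXAMPLE\UserGroup'

$acl = Get-Acl -LiteralPath $Path

# Step 1: Allow Modify on this folder, subfolders and files
# (what the simple permissions dialog applies).
$allow = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Group,
    [System.Security.AccessControl.FileSystemRights]::Modify,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# Step 2: Deny List Folder / Read Data on this folder and subfolders only.
# ListDirectory and ReadData are the same access bit, so the ACE must not
# carry ObjectInherit: inherited by files, it would deny reading file
# contents. ContainerInherit alone keeps it on folders.
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Group,
    [System.Security.AccessControl.FileSystemRights]::ListDirectory,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)

$acl.AddAccessRule($allow)
$acl.AddAccessRule($deny)
Set-Acl -LiteralPath $Path -AclObject $acl

# Check the result: both ACEs for the group, with their inheritance scope.
(Get-Acl -LiteralPath $Path).Access |
    Where-Object { $_.IdentityReference.Value -eq $Group } |
    Format-Table AccessControlType, FileSystemRights, InheritanceFlags, IsInherited -AutoSize
```

Because the Deny ACE names the same group as the Allow ACE, any administrator who is also a member of that group loses the ability to list folders, which is the group-maintenance cost the question describes.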