?
Solved

ACL Access

Posted on 2004-03-24
1
Medium Priority
?
374 Views
Last Modified: 2010-04-19
We have a windows 2003 file server (Also DC). Users connect to a data share on the srever. The share permissions are set to "Full Control" for all users. The security permissions for the file system are set with special permissions for users:
Traverse Folder
List Folder
Read Attributes
Read extended attributes
Read Permisions

These equate to a "List Folder Contents" ACL in the main ACL screen.

Below the shared folder are a number of departmental folders e.g. Finance, Purchasing etc.

What we are trying to achieve is that people have all access to their relevant folder (controlled via departmental group access) but cannot delete any files. The main reason for this is that a Finance user could inadvertantly (?) select the finance folder within the share and delete the entire contents. We can restrict the folder from deleteion but that will still allow the contents to be removed before failing at the folder level.

We can deny the delete access by removing the "Delete" and "Delete subfolders and files" permissions from the special permissions section. However if we do that users cannot rename files or save them under a different name. Removing the "Delete" permission also removes the "Modify" permission!!

Is there a way to achieve both goals i.e. prevent file deleteion but still allow users the flexibility of renaming or performing a "Save as" for files?

0
Comment
Question by:johndawsonbooth
1 Comment
 
LVL 16

Accepted Solution

by:
JamesDS earned 1200 total points
ID: 10670445
Sorry but no:

A rename action is effectively the same as copy to a new filename and delete the original
Anything that allows a modify must also allow a delete as a user could simply open the file and empty the contents

As an alternative I suggest you look at the volume shadow copy service to protect accidentally deleted files/folders and/or perhaps an enterprise undelete tool as offered by may vendors

Cheers

JamesDS
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question