?
Solved

ACL Access

Posted on 2004-03-24
1
Medium Priority
?
372 Views
Last Modified: 2010-04-19
We have a windows 2003 file server (Also DC). Users connect to a data share on the srever. The share permissions are set to "Full Control" for all users. The security permissions for the file system are set with special permissions for users:
Traverse Folder
List Folder
Read Attributes
Read extended attributes
Read Permisions

These equate to a "List Folder Contents" ACL in the main ACL screen.

Below the shared folder are a number of departmental folders e.g. Finance, Purchasing etc.

What we are trying to achieve is that people have all access to their relevant folder (controlled via departmental group access) but cannot delete any files. The main reason for this is that a Finance user could inadvertantly (?) select the finance folder within the share and delete the entire contents. We can restrict the folder from deleteion but that will still allow the contents to be removed before failing at the folder level.

We can deny the delete access by removing the "Delete" and "Delete subfolders and files" permissions from the special permissions section. However if we do that users cannot rename files or save them under a different name. Removing the "Delete" permission also removes the "Modify" permission!!

Is there a way to achieve both goals i.e. prevent file deleteion but still allow users the flexibility of renaming or performing a "Save as" for files?

0
Comment
Question by:johndawsonbooth
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 16

Accepted Solution

by:
JamesDS earned 1200 total points
ID: 10670445
Sorry but no:

A rename action is effectively the same as copy to a new filename and delete the original
Anything that allows a modify must also allow a delete as a user could simply open the file and empty the contents

As an alternative I suggest you look at the volume shadow copy service to protect accidentally deleted files/folders and/or perhaps an enterprise undelete tool as offered by may vendors

Cheers

JamesDS
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question