Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Folder Permissions - should be easy but I am really confused

Posted on 2006-07-24
3
Medium Priority
?
232 Views
Last Modified: 2008-03-06
I have a security group called Users and a group called Bosses

I have a network share called PROJECTS with lots of subfolders,  general permissions are defined at the root level of the PROJECTS folder and are inherited through subfolders.

Within a typical subfolder called PROJECT1 the USERS have the following permissions
Modify - Read & Execute - List Folder Contents - Read - Write
all of these are Checked off.  Full control is not Checked off.

BOSS is a subdirectory of PROJECT1 and the Bosses want this folder to be read-only to the USERS but modifiable to members of BOSSES

Only the Bosses are members of the BOSSES group, but everyone is a member of the USERS group - including the Bosses.

I can't really modify the share permissions as the whole PROJECT is shared not just this subfolder.  So I have to use NTFS permissions

The first thing I would do is go to advanced security for the BOSS folder and disable inheritance and select Copy keeping the original permissions

I would add the BOSSES group to the permissions of the BOSS folder and grant modify or full control.  

But how do I configure it so that the BOSS folder or its contents can be read but not modified by anyone in the USERS group who is not also a member of BOSSES

I can't (and probably should not) use Deny in the USERS permissions as this would deny the BOSSES as well, Deny takes precedent over allow...

This is surely a common request - but I am stumped

I need idiot proof instructions - like check this, uncheck this

TIA - TOMG






0
Comment
Question by:Tgilbert
3 Comments
 
LVL 2

Expert Comment

by:UnifiedIT
ID: 17170771
You should not have to use Deny, just change the permissions on the USERS group so the only items checked are
Modify
List and Execute


Add the boss group and give that group Full Control

Even though the members of Boss'es are also members of user's, there higher permissions will take over and allow them full access


0
 

Author Comment

by:Tgilbert
ID: 17171780
Wrong - You are not helping - I need specific accurate instructions

You said
just change the permissions on the USERS group so the only items checked are
Modify
List and Execute

While there is a Modify at the non advanced mode - as soon as you select Modify you also select all the others Read & Execute - List Folder Contents - Read - Write so you can't select only Modify

There is no option in either non advanced nor advanced called List and Execute

Please try again - TOMG

0
 
LVL 13

Accepted Solution

by:
2hype earned 360 total points
ID: 17172399
On the Bosses folder you would go into Advance and Uncheck Inherit from parent.

You would go back to the security screen and give Bosses Modify Permissions.  You would the give users read and execute permissions.

Therefore, Users can only read and execut the files.  Bosses can Read, Execute and Modify any file in the directory.  A user who is both memeber of the Bosses and Users would also have Read, Execute and Modify.

You would not deny anything.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question