[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 168
  • Last Modified:

User Permissions/Restrictions

The problem is that we have a departments directory which has all the files belonging to different departments e.g., Sales, Purchasing, Human resources etc. There is a particular department directory quality and with in that there is another directory  and within that directory there is 4 folders that I need to set user permissions.  Only two particular users should have full control the other users should only have read only rights.  

Ok heres what I done so far.

In the security tab, I have checked write to deny for users, and then Ive added the two users that should have full control and set the permissions to full control.  
The outcome is that all users can open the file as read only and they cannot modify the content which I want, however the problem is that the two users that should have full control basically dont have full control and files open for them also as read only.  I have tried numerous combinations but to no success.  I would be grateful if you could give me some advice, Thanks in advance.
  • 2
1 Solution
The problem is with the DENY. It is sufficient that a user/group does not appear on the security list to prevent them access. You should avoid using deny in all but extreme cases where there is no other option. The deny will alway take precidence.

If is user or group has a deny in  place, then it does not matter what other prmissions they may have anywhere  - the deny will win - so if you deny write then write is denied - no mater what.

... since all users are a member of users - and users is denied write - no one can write.

Just remove the write permission from the users group by unticking the allow - but DO NOT DENY.
IT795Author Commented:
Ok so how can I restrict normal users form editing and deleting the files?  And yet let the other two users full control?

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now