Modify but not delete permissons
Posted on 2007-10-09
I am having a specific issue with regards to granting permissions on an NTFS shared drive on our server. We are currently moving towards EDM, and so needed to create a file storage structure for users to store all documents on specific clients in particular folders. We need users of these directories to be able to add documents, edit documents, add folders, and change the names of both files and folders. The only permission we don't want to grant is the ability to delete folders or files.
Now i thought this would be fairly trivial, as we already had all the permissions groups created, and i thought all we would need to do is edit the advanced NTFS permissions for this group and deny the "delete" and "delete subfolders & files" permissions. I have done this, and true enough deletion is denied, but when i create a new folder for example, i can not name this folder.
I do understand that there may be issues with users who try to execute MS documents straight from the archive, as the application won't be able to delete the temporary files created. If this is the case then i may have to draft policy on managing and editing these documents, but not being able to name or rename files or folders is particularly frustrating as i need the users to take some responsibility for creating some of the lower level file structures as an ongoing improvement process.
This is really strange to me as the write permissions, in fact all other permissions, are allowed - so i can't see why this doesn't work.
Any help again muchly appreciated, thanks for all your time in advance.