I'm after your opinions on the following.
I have a folder e:\templates. This folder contains all the word doc templates for the company organised into sub-folders. All the sub-folders and files receive their permissions through inheritance.
There are 2 groups of users for this folder: dlg_templatesREAD and dlg_templatesMODIFY
The dlg_templatesREAD group has the following permission setup.
e:\templates (This folder, sub-folder, files)
dlg_templatesREAD List Folder Contents
The dlg_templatesMODIFY group need to be to create\edit and delete folders and files except delete the e:\templates root folder. This group has the following permission setup:
e:\templates (This folder)
dlg_templatesMODIFY DENY Delete
e:\templates (This folder, sub-folders, files)
I have tested a number of different permission configurations but the above seems to work the best. (I do know that deny is bad practice)
Does anybody have any suggestions?.
Thanks in advance.