?
Solved

deny delete folder permissions

Posted on 2011-09-21
9
Medium Priority
?
841 Views
Last Modified: 2012-05-12
I have a folder template structure that is setup for each of my branch offices.  Currently the Root of the folder they only have read permissions to, everything must be placed into a subfolder.  They have Modify rights to the subfolders.  I want to stop them from being able to delete the initial subfolders but still have the ability to create/modify items within them.

I was hoping that the 'Apply these permissions to objects and/or contains within this container only' would solve at least my root folder issue - but that doesn't appear to.

So at the root is *Branch* Data, then it has 7 subfolders.  The Branch Data folder they only have read access to, so they can't put any items into this - everything must be placed within the subfolders.  They have Modify access to the subfolders.

But as mentioned, with those permissions they can delete the initial 7 subfolders.  How can I protect these folders while still allowing them modify rights to files within them?

(yes I know that was a bit redundant)
0
Comment
Question by:americaneldercare
  • 5
  • 3
9 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36573779
Try Denying the Special permission to delete. Or give them the special permissions needed
0
 

Author Comment

by:americaneldercare
ID: 36574432
My apologies for not indicating this, I put special permission 'Deny Delete' to the Root (*Branch* Data) folder then used the 'Apply these permissions to objects and/or contains within this container only' and that did not work.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36575283
Are the permissions inherited from the root?
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:americaneldercare
ID: 36575482
I attached a visual hoping that might help a bit as well.  The initial 'Branch Share' has Everyone: Read, Everyone: Deny Delete (apply to container only).  The 7 subfolders inherit those initial permissions, then add on "Branch - modify" (for whomever is in that particular branch).  

I was under the impression that the 'Apply to Container only' would make it so that the Branch Share and the subfolders within it would get the 'Deny: Delete' option.  And since a Deny will overwrite an allow, I thought it would prevent them from deleting the folder even though they do get 'Modify' within the folder.  That however, does not appear to be the case.

In addition (again as I understand it) if I put the same 'Apply to this container only' the Deny Delete to the subfolders it would affect the folder as well as any files within it - thus preventing the users from deleting files directly in that subfolder (subfolder1, 2, and 3 in the attachment).

 Drawing1.pdf
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36575517
When you have modify they are able to delete this is part of the permission itself there is not way around this but I thought we could pur deny delete folder and subfolder but I guess you can't
0
 
LVL 26

Expert Comment

by:Lionel MM
ID: 36579962
Not sure if this will work -- what if you add deny delete to folder and sub folders to the root directory (*Branch* Data) and apply that to the sud folders too (i.e inherit permissions) and then allow the modify right on the sub folders.
0
 

Accepted Solution

by:
americaneldercare earned 0 total points
ID: 36582309
I appear to have found the right combination of permissions.  For some reason the 'everyone' group doesn't appear to work.  But by using 'Domain Users' I was able to do DENY 'Delete' but ALLOW 'Delete subfolders and files'.

Without using the Allow they wouldn't have permission to delete subfolders/files (even though it wasn't denied).  But by using those two in combination it appears to have accomplished my need.

I have applied those permissions (individually) to each of the subfolders I don't want to be deleted.
0
 

Author Comment

by:americaneldercare
ID: 36582422
add on to that, preventing a subfolder of a subfolder from being deleted appears to be an issue.  But the initial 7 I can lock using this method.

I am still trying to figure out how to lock the other folders.

Ultimately, I am looking for a method of preventing a folder from being deleted while still allowing full access to its conents.  if anyone has a better method...
0
 

Author Closing Comment

by:americaneldercare
ID: 36895860
""
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question