Define advanced permission for folders
Hi folks!
My question is this:
What permissions should be given to the folder and files contained in it,
to allow users to see, run, modify and update the files in the folder, but they could not
erase files and sub-folders or move them to another location?
My question is this:
What permissions should be given to the folder and files contained in it,
to allow users to see, run, modify and update the files in the folder, but they could not
erase files and sub-folders or move them to another location?
NVIT
I think the modify right presumes the erase right, also.
right click to folder>Properties>Security
use this for user(s) or group(s) you want to restrict acces
use this for user(s) or group(s) you want to restrict acces
ASKER
NewVillageIT,
first of all thank you very much for the quick response
is it possible to specify in more detail?
Ideally I would like to get a picture of the screen
first of all thank you very much for the quick response
is it possible to specify in more detail?
Ideally I would like to get a picture of the screen
modify implies delete.
I played around with this idea a while back and came to the conclusion that whilst it is definitely possible with some file types, it just wasn't practical enough for my clients as it introduced one major hurdle (which I will mention below). Either way, if you're interested to test for yourself you can follow the below steps:
- Right click on the folder in question then click on Properties
- Click on the Security tab then click Advanced
- Click Edit to allow you to make changes to the Include inheritable permissions from this object's parent box as it should be greyed out thanks to UAC
- Once you've clicked Edit, you should be able to untick the Include inheritable permissions from this object's parent box
- Click Copy when prompted
- Now highlight the user or security group containing your users that you do not want deleting files/folders then click on Edit
- Tick the following boxes in the Deny column:
- Make sure the Full control, Change permissions and Take ownership boxes are all left unticked in the Allow column
- OK your way out when done
Now the problem with the above is that it will introduce one major issue - your users won't be able to edit existing Office documents (e.g. Word, Excel, PowerPoint, etc.). They will be prompted to save the document with another file name each time they modify a file. Obviously this is not ideal and annoyed the heck out of my clients who wanted to implement this sort of thing.
If you don't want users accidentally deleting a file/folder then enable auditing and then have management give them a stern warning each time files/folders go missing. They'll eventually learn.
- Right click on the folder in question then click on Properties
- Click on the Security tab then click Advanced
- Click Edit to allow you to make changes to the Include inheritable permissions from this object's parent box as it should be greyed out thanks to UAC
- Once you've clicked Edit, you should be able to untick the Include inheritable permissions from this object's parent box
- Click Copy when prompted
- Now highlight the user or security group containing your users that you do not want deleting files/folders then click on Edit
- Tick the following boxes in the Deny column:
- Delete subfolders and files
- Delete
- Delete
- Make sure the Full control, Change permissions and Take ownership boxes are all left unticked in the Allow column- OK your way out when done
Now the problem with the above is that it will introduce one major issue - your users won't be able to edit existing Office documents (e.g. Word, Excel, PowerPoint, etc.). They will be prompted to save the document with another file name each time they modify a file. Obviously this is not ideal and annoyed the heck out of my clients who wanted to implement this sort of thing.
If you don't want users accidentally deleting a file/folder then enable auditing and then have management give them a stern warning each time files/folders go missing. They'll eventually learn.
ASKER
David Johnson,
I think that the basic permission is a combination of
special (granular) permissions and therefore I need solution with the granular permissions
I think that the basic permission is a combination of
special (granular) permissions and therefore I need solution with the granular permissions
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.