PToN Premium Member join:2001-10-04 Houston, TX |
PToN
Premium Member
2013-Apr-25 12:58 pm
[2K3] NTFS permissions...Hello,
There is this one folder that i need to be able to add/create/append/modify/rename/move without ever deleting anything.
Basically users will store files from various scanners into a FOLDER1, this has several other folders, the scanned files will have a generic name the scanner assigns, once scanned the user will have to rename it and place it on a specific folder.
I have gone into the advanced security properties for the folder and denying delete and delete folders and files doesnt allow you to rename or move anything.
Can this be done or do i need to change my strategy to accommodate the way the permissions work?
Thanks. |
|
|
Kilroy MVM join:2002-11-21 Saint Paul, MN |
Kilroy
MVM
2013-Apr-25 1:21 pm
You're going to have change your strategy. Some of the other functions you want actually include a delete. I don't know about the rename, but a move is a copy and then delete.
My experience is to not get too fancy with permissions. If you can't handle it with Read, Write, and Create then see if there is another way to handle it.
In your case I'd recommend part user training and part a different way of doing things.
1. Scan folder gets cleaned on an X day basis, files older than X days will be deleted, X should be a week or less. The prevents people from using the scan folder as a storage area.
2. All files must be moved to a different location before X days, see above.
3. Putting the specific folders in the Scan folder is just asking for problems. Best to have another folder to hold these. For example your scans might go into the Scan folder and the users need to move the scans to the Storage folder.
How often you actually clean out the scan folder is up to you, but when you do if you stick to deleting all files older than X days the users don't have a right to complain. |
|
dave Premium Member join:2000-05-04 not in ohio 1 edit |
dave to PToN
Premium Member
2013-Apr-25 2:01 pm
to PToN
Rename requires delete access. You can't get round that. Supporting evidence: this link is to [MS-FSA], which is a technical document describing certain file system algorithms to third-party developers. Observe the very first step is to check for DELETE access being granted. |
|
PToN Premium Member join:2001-10-04 Houston, TX |
PToN
Premium Member
2013-Apr-25 3:45 pm
Thanks. That's what i was suspecting. |
|
psafux Premium Member join:2005-11-10 |
to PToN
Give them full permissions (which is basically what you want) and keep the folder backed up. All data that is user-facing should be backed up routinely... Users -will- find a way to screw it up. |
|
|
said by psafux:Give them full permissions (which is basically what you want) and keep the folder backed up. All data that is user-facing should be backed up routinely... Users -will- find a way to screw it up. I would not recommend setting it to full since they would be able to change permissions which is typically undesirable. Dave |
|
HarryH3 Premium Member join:2005-02-21 |
to PToN
Microsoft sorta missed the mark when creating NTFS file permissions. Back in the day when Novell was king of the server world they had many more options available for assigning user rights, one of which was erase. You could assign Read, Write, Modify, but not assign Erase and accomplish what you are trying to accomplish. You can see the full list about one page down here: » support.novell.com/techc ··· 101.html It just always seemed to make more sense... |
|
Kilroy MVM join:2002-11-21 Saint Paul, MN |
Kilroy
MVM
2013-Apr-29 10:19 am
HarryH3 , lets not go into how much better Novell was for user and file management over Windows. If only they had better marketing back in the 4.xx days. My favorite difference is that in Novell when you cut off network access it is immediate, for Microsoft you've got your access until you log off. |
|
HarryH3 Premium Member join:2005-02-21 |
HarryH3
Premium Member
2013-Apr-29 10:36 am
MS killed Novell the same way they killed Netscape, by giving stuff away until everyone was hooked and Novell was no longer a major player. (Though I don't miss doing client updates with Novell. That stuff was a major PITA back in the 3.x and 4.x days.) I haven't even seen a Novell implementation since '95 or so. But I still recall (and often miss) the excellent granularity of control that it offered! But MS doesn't have a tactic to overcome the mostly Free status of all those linux servers out there today. |
|
dave Premium Member join:2000-05-04 not in ohio |
dave to Kilroy
Premium Member
2013-Apr-29 11:42 am
to Kilroy
said by Kilroy:My favorite difference is that in Novell when you cut off network access it is immediate, for Microsoft you've got your access until you log off. That's part of the general pattern which says that access is granted when an object is opened, the access rights attach to the open handle, and subsequent changes to permissions don't affect the open handle. I like it because it is consistent and therefore predictable. |
|
CartelIntel inside Your sensitive data outside Premium Member join:2006-09-13 Chilliwack, BC |
to PToN
|
|
dave Premium Member join:2000-05-04 not in ohio |
dave
Premium Member
2013-Apr-29 5:58 pm
I wouldn't have thought so. Recall, he doesn't want to give people delete access. That program requires either that the files/folders grant 'write owner' access (more powerful than delete access) or the users have 'take owner' privilege (which basically lets 'em take over anything). |
|