|
Posted by Roger Abell [MVP] on September 15, 2005, 5:28 pm
Please log in for more thread options
Jarryd
Accomplishing your task would be most simple if you were to
rearrange storage
drive:\subfolder\allowed
drive:\subforder\disallowed
That way you get out of the business of settings permissions
file by file
drive:\subfolder List to temp
drive:\subfolder\allowed Modify for files to temp
drive:\subfolder\disallowed either
do not give anything to temp, assuming no other grants
are to groups that include temp
or, deny full for temp
The way you summarized the additive effect of permissions, the
deny trumping allow, and the explict outranking inherited are correct
provided you understand
this is speaking of NTFS permissions only, not the permissions on
the share
explicit allow overrules inherited deny, so deny does not always
trump allow as you mentioned
> Hello,
>
> One of our users is going away for a few months and a temp has been hired
> to
> cover her for that period. She would like to allow the temp access to
> certain files in homefolder whilst denying access to everything else. The
> path looks something like this:
>
> Drive:\Subfolder\Files.*
>
> I have set the share permissions to all the temp Full Control. I was then
> hoping to restrict access using NTFS. The best I have come up with is to
> allow the temp to see all folders and files but only open those that she
> shoudl be able to. From what I have read, the permissions are cumulative.
> So if the temp is in groups that are assigned to the resource and they all
> have varing levels of permissions then the system will add them up to
> arrive
> at her effective permissions. Deny overrides Allow, and Explicit
> overrides
> Inheritted (so explicit Allow overrides inherrited Deny).
>
> Nevertheless I can't seem to get this the way I want it. What is the
> standard set of rules on the folder and file to allow a user WRITE
> permission to specific files in certain folders, while denying them access
> to everything else?
>
> TIA,
>
> Jarryd
>
| 
XML Sitemap