|
Posted by Roger Abell [MVP] on September 23, 2006, 1:23 pm
Please log in for more thread options > You could provide for that by a grant to AcctsA and another of at
> least Modify to Creator Owner, but then they would be able to
> save other files into the directory (and hence have access to more
> than just the one file.
IOW you would need to add two grants.
Follow the model used in XP for directors below root of a partition
1. a grant to Creator Owner
I suggested Modify, which is set on the generic NTFS dialog, not
in the Advanced view. As soon as it is applied it "disappears" in
the generic view (well, it changes to Special) because it is automatically
changed to an Applies to Subfolders and Files only
2. a grant to AcctA (or whatever your custom group) that allows them
to create (and then the first grant takes over giving them the rest on
what they create)
For your use, this grant only needs to be a special (i.e. use Advanced)
granting "Create files / write data" Now if you look elsewhere you
will see "Create folders / append data"
> You hit the nail on the head. It is indeed Word. But even though I went
> into Advanced rights on the folder and granted "Create Files/Write Data"
> and
> "Take Ownership" for the user it still fails. I don't see where you can
> add
> "Modify to Creator Owner" though.
>
> "Roger Abell [MVP]" wrote:
>
>> The problem is not with what you have set for permissions, but with
>> how the application the person uses is handling things.
>> If you define a folder X and grant AcctsA List on the folder,
>> and have a file X\file.ext and it has a grant of Modify for AcctsA,
>> then for example, one of the AcctsA can open file.ext in notepad,
>> change it, and save it. No problem.
>> By comparison, Word would want to open a temp file in the same
>> directory and upon save rename this.
>> You could provide for that by a grant to AcctsA and another of at
>> least Modify to Creator Owner, but then they would be able to
>> save other files into the directory (and hence have access to more
>> than just the one file.
>> In short, this illustrates that it is more direct to isolate files
>> needing
>> different permissions into separate folders.
>>
>> > We have a situation in which a user is only permitted to read and
>> > modify a
>> > single file in a directory on a Win2K server. Mgt doesn't want them to
>> > see
>> > any of the other files in that directory. I granted the user list
>> > permissions to the folder and full rights to the file in question, but
>> > when
>> > she tries to save she gets the message "The save failed due to out of
>> > memory
>> > or disk space. <path\file>"
>> > I granted write permissions to the folder and it still fails. Only
>> > granting
>> > modify (and the associated "read") allow her to save. Shouldn't the
>> > aforementioned method work without granting these extra rights to the
>> > folder?
>> > Thanx!
>>
>>
>>
| 
XML Sitemap