Re: Nested Permissions and Traversing...Best Practice

I'm not the expert in this area, but my understanding is that one doesn't
need to grant transverse permissions if absolute paths are used. I.e., you
can grant everyone access to G:\AppDev\Fiscal Systems\Active Projects\IT2500
directory, without transverse permissions on the path. But, then everyone
could not access IT2500 via a sibling path like G:\AppDev\Fiscal
Systems\Active Projects\IT25XX\..\IT2500\.

Thomas




"SixDoubleO" <SixDoubleO@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3224A720-D9FE-4788-9239-7B7811F1BDFB@xxxxxxxxxxxxxxxx
> I have a question about convention or best practices in terms of file
sharing
> and nested permissions.
>
> Assume I have the following path:
>
> G:\AppDev\Fiscal Systems\Active Projects\IT2500
>
> Staff want to limit access to the AppDev folder to just the application
> development folks. But then at a lower level (at the IT2500 folder) they
> want to allow a people outside the appdev group access to the folder.
>
> My question is not how to do this...well, sorta. What I want to know is
how
> some of you are dealing with these types of situations, as they can create
an
> administration hassle.
>
> As I see it I'd have two Domain Local Resource Groups...
>
> F_G_AppDev_W
> This grants Write access to the folder G:\AppDev and all folders beneath
it.
>
> F_G_AppDev_Fiscal Systems_Active Projects_IT2500_W
> This grants Write access to the IT2500 folder underneath the AppDev tree.
>
> I would then need to assign Traverse/List access to the IT2500 group all
the
> way up the tree so that these people can browse down to IT2500. This is
> messy, especially considering this is only one of many examples where
staff
> would like this to happen.
>
> I'd love to hear suggestions on how to deal with this. Should I just
moved
> IT2500 out to the root of G:\?
>
> Thanks for any opinions you might be able to provide.
>
> Dave
>
>
>
>
>


.

Relevant Pages

  • Re: How to set up a folder so that only the creator of a file can modify it?
    ... subfolders, and Files, This folder and files, Subfolders and Files only) ... Grant List to the group, access the Advanced view and highlight ... Modify but granting other than Full to Creator Owner is really just ...
    (microsoft.public.win2000.security)
  • Re: File/directory permissions
    ... >> projects will have the right permissions by default. ... the requirement that the users not be able to create new subfolders or files ... directly under a project's folder. ... grant List folder contents, and Read to the group of the project. ...
    (microsoft.public.win2000.security)
  • RE: IE 6 on Terminal Server Privileges
    ... You need to grant the user the write permission for the folder and all the ... | Content-Class: urn:content-classes:message ... | save any type of user ID or password that a WEB site would ...
    (microsoft.public.win2000.security)
  • Re: Protecting folder-structure against accidental alteration
    ... grant applies. ... grants for This folder and subfolders and for Files only. ... By looking at the nature of the damage I'd guess that slow-click is the ... NTFS permissions to stop renaming of the root folders in the structure. ...
    (microsoft.public.security)