File Server Permissions Design Question
- From: "-Steve-" <newsgroups@xxxxxxxxxxxxxxx>
- Date: Tue, 10 Oct 2006 08:42:36 -0700
We're in the process of migrating to a new file server. Our shared drive
has a basic structure of:
Shared\Department\Sub-Department\<one public folder & one private folder>
Our original thought was to have one Read and one Read/Write group for each
public and private folder. Those groups would then be populated by role
based groups (department groups, position groups (ex all managment)). I've
written a script that you can point to a directory structure and it creates
the appropriate groups and assigns the security permissions.
However I end up creating a lot of groups. Just in ITS (for example) we
have 15 sub-departments so that will produce 60 groups right there. On the
other hand everything is very structured and in theory you can mange file
security permissions from within AD. Since everything is scripted you never
need to go and look at folder permissions (except for the file server admin
guys when troubleshooting).
I'm also concerend that users will end up being in groups that are nested in
a substantional number of groups. For instance most of the public-read
groups for ITS will contain the group "ITS - All Staff". That means any
given ITS employee will have 30 security group tokens just from this.
Any thoughts or opinions?
Steve Evans
.
- Prev by Date: Re: R2 Install Problem
- Next by Date: Re: Allowing user to traverse folders to access a directory
- Previous by thread: Network connectivity - Replication Issue
- Next by thread: Re: Allowing user to traverse folders to access a directory
- Index(es):
Relevant Pages
|
