Re: manipulating non-inherited permissions on folders
- From: Voldomort
- Date: Wed, 14 Feb 2007 09:24:19 -0800
Herb Martin wrote:
<Voldomort> wrote in message news:ZYOdnfJgA8aCNE_YnZ2dnUVZ_segnZ2d@xxxxxxxxxxxxxxxxxx
I'm trying to set up some limited access folders without having to make special groups (containers) nor go through the hassle of using "deny" to remove access to others. I've noticed that when I create a directory which I establish not to inherit permissions for itself and its children. Then I give modify privileges to some normal user, and full control to "administrator" the administrator is actually denied access to any of the child folders. It's weird. The interface really does stay
the administrator account has full control, but in fact it is denied access to read, traverse, or any other functions. Does anyone know why this is so, and if there's a workaround?
Technically all permissions are set in "one place" AN OBJECT.
Inheritable permissions, or propagating them when you make changes
at the parent makes it appear usually that the parent and child permissions
are technically the "same" -- but they are really being set on each object
in some real sense.
Directories (don't use the word "folder" if you really want to UNDERSTAND
permissions) have multiple settings for Permissions also: The directory itself
has permissions, and it also has another set (two actually) for child objects
that are CREATED in that directory (two because there is possibly a set for
containers, i.e., child directories, and a set for child files.)
What specifically are you trying to accomplish? Don't tell us (initially) how you
think to achieve that goal but tell us what the REAL and FINAL goal is....
Good enough.
Here's the final goal. I want to create a directory for User A such that that user A, and the Administrator, have read and write privileges, but that all the other users who belong to the same group as User A do have neither read nor write privileges. That is, I don't want to have to create any groups to accomplish this. And I'd prefer not to get into the messiness of using deny properties on directories, if possible.
Here's what I did.
1) created the directory [and sub-directories], and removed the "inherit
permissions". This took away access for every group, except Administrator, who now has full control.
2) Added User A to the list of those who have access. Give User A modify
privileges.
The result is that User A and read and write into the sub-directories, but any other users who belong to the same group as User A cannot, which
is just what I want. -- However, Administrator cannot read or write into the sub directories, even though he/it has full control. And this last part I find strange.
For what its worth, I'm using the default group for Users, not a special one I've created.
Thanks in advance for any help.
Voldomort
.
- Follow-Ups:
- Re: manipulating non-inherited permissions on folders
- From: Herb Martin
- Re: manipulating non-inherited permissions on folders
- References:
- manipulating non-inherited permissions on folders
- From: Voldomort
- Re: manipulating non-inherited permissions on folders
- From: Herb Martin
- manipulating non-inherited permissions on folders
- Prev by Date: Errors
- Next by Date: RE: Errors
- Previous by thread: Re: manipulating non-inherited permissions on folders
- Next by thread: Re: manipulating non-inherited permissions on folders
- Index(es):
Relevant Pages
|
