Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Permissions in server 2003

  • 28-10-2005 12:27pm
    #1
    Closed Accounts Posts: 425 ✭✭


    Hi I'm trying to set up folders so there is a folder called Ms.Healy and inside that a folder called private. I want everyone to be able to read the Ms.Healy folder but only Ms.Healy herself to be able to read the private folder.

    I've been setting her group to be denied permission to read the private folder but because she's in the group she gets denied permission too!

    What is it I need to do!!!!


    Thanks :)


Comments

  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    No.

    Deny permissions should really only be used when you really have to. Instead of using deny permissions on the private folder, remove the group's access to this folder, and give Ms.Healy's username the specific permissions.

    For an example of when to use deny permissions, imagine you have two usergroups. Groups A and B. Some people are in group A only, others are in Group B only, and some are in both groups. Imagine now you have a folder and you want those who are in group A *only* to have access to it. If you set the permissions for group A, then some people who are also in group B will have access to the folder. If you set access permissions for Group A and deny permissions for Group B, then those who are in both groups will be denied access to it, while those in group A only can access it.

    When calculating permissions for a group/user, it is always the most restrictive permissions that apply, not the most open. When setting folder permissions, you are not required to specify both who does and who does not have access. You specify the users/groups who do have access, and then by default all other users/groups do not have access.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,583 Mod ✭✭✭✭Capt'n Midnight


    TBH I usually turn off inheritance cos it seems to obscure what permissions are actually on a folder.

    Also for private folders best to setup a user folder somewhere else - you could then put a short cut to that in the first folder - share the users folders out by username

    must dig up a batch file that uses MD , CACLS and RMTSHARE to create a users folder and set permissions and share it so in the logon script (or AD) you just add the line
    net use x: \\server\username$

    hey could even have it net user fred /add [options] /domain


  • Registered Users, Registered Users 2 Posts: 131 ✭✭theexis


    TBH I usually turn off inheritance cos it seems to obscure what permissions are actually on a folder.

    If anyone doesn't have this luxury take a look at the "effective permissions" dialog where you can easily see what a permissions a specific account has.


  • Closed Accounts Posts: 425 ✭✭alantc


    Thanks. I'll give that a go when I'm there next. I wished I'd posted earlier on Friday about this, could have at least one folder set up (of 19) but I had to leave. Won't have a chance to try it till Friday week but it makes sense now anyway.

    B


Advertisement