Answered: Dynamic Access Control Inheritance

  • Wednesday, April 25, 2012 3:19 PM

    I may be just missing where the setting/option is, but is there a way to either control Inheritance or "Applies To" for Dynamic Access Control when using a Central Access Policy?

    I am creating a mock up using Access Based Enumeration in a file share with Dynamic Access Controls.  The desired outcome would be to apply the Central Access Policy to the root folder, so it propagates down to all of the subfolders automatically as they are created.  The problem is that unless the root folder passes the configured Access Rules, the users don't have any rights to the share itself.

    I'd like to be able to have the Central Access Policy apply to ONLY subfolders or files of the share and not the share itself.  Things work fine if I manually add the policy to each subfolder as it's created.  This isn't a preferred method by any means though.  Any ideas/suggestions?

    Thanks!

All replies

  • Tuesday, May 1, 2012 2:27 AM
    Moderator

    Hi,

    Sorry for the delay in reply. I'm trying to collect more information about this question and will post back if there is anything helpful.


    TechNet Subscriber Support in forum | If you have any feedback on our support, please contact tnmff@microsoft.com.

  • Thursday, May 3, 2012 9:15 AM
    Moderator
    Answered

    Hi,

    I discussed this case with other colleagues. It seems that currently we do not have the option to only apply CAP to subfolders and/or files without the parent folder. As it is still a BETA version, let's see if there will be an improvement in the release version.



  • Thursday, May 3, 2012 1:16 PM

    Thanks for looking into this.  Is there anything that can be done at this point to make it a formal feature request?  Not really sure of the likelihood it would make it into the release version, as it would depend on how difficult it would be to implement.  However, I can already think of MANY ways it would make using the feature much more straightforward and easy to use.

    I would be interested to hear if there is possibly a new way to approach designing a solution with the new features.  Using "inheritance" and "apply to" are definitely familiar to most, but possibly there is a better approach with DAC.  The only thing that came to mind is to create a classification/policy rule that basically allows the root folder to be tagged as "read only" for all users.  Basically creating a classification to mark a folder as "Public" and then granting read rights based on that value for all users.  That does allow for one policy to be applied, but still allows for the root to be read only to all users.

    Although the downside there is the "Public" classification set at the root appears to automatically inherit down to all sub folders, which then gives all users read rights to everything.  I think you can see where the problem exists... definitely would be much easier if you could control inheritance and apply to settings.



    • Edited by sgrinker Thursday, May 3, 2012 1:22 PM
  • Monday, May 7, 2012 7:34 AM
    Moderator

    Hi,

    Yes, I understand the inconvenience. Currently we are collecting the suggestions/requirements from customers and reporting them to the related department. This requirement is already reported. Let's see if there will be an improvement.

