locked
File Permissions set wrong after File upload thru UAG FileAccess RRS feed

  • Question

  • Has anybody ever checked the ntfs file permissions after having uploaded a file via file access in UAG?

    I wonder if I have missed something but my permissions on the file are not set to the AD Group the user has logged on.
    Although the user who uploaded the file has ownership of the file, but not the delete attribute on, causing him not being able to delete the file.
    The group permissions are not applied either. Regardless what is set on the shared directory, 3 group permissions are applied, Everyone (read), System and Administrators (full).

    This is not the case if the user creates a new folder. The permissions are inherited from its parent.
    But again, any further files uploaded to the new folder do not have their expected permissions set.
    It looks like as if the files stored do not get inherited permissions of the directory they are underneath.

    Does anybody else come across with the same problem?


    Regards, Jim
    Friday, June 25, 2010 7:39 AM

Answers

  • Hi Jim,

      This is how File Access is currently designed to operate, the decision to implement it this way was done as part of the design decisions around security when File Access was created.  We've extensively discussed this with the UAG Product Group and in the SP1 release of UAG there will be an option to allow File Access to be alternatly configured to inherit permissions from the folder that the file is uploaded to.  I don't have any further details at this time on the change or how exactly it will work, or the way to enable it.  I also don't have any specific date on when SP1 will be released.

    If you do not want to allow users to upload files so that they will not face these issues you can set the upload policy for File Access to never which will in effect make File Access Read Only.

    Regards,
    Dan Herzog
    Microsoft CSS IAG/UAG Support

    • Proposed as answer by djh-msft Thursday, July 1, 2010 11:05 AM
    • Marked as answer by Erez Benari Monday, July 26, 2010 9:13 PM
    Thursday, July 1, 2010 11:05 AM

All replies

  • Yes ur correct Jim! It doesnt work.

    • Proposed as answer by ZarkoC Friday, April 15, 2011 1:38 PM
    Monday, June 28, 2010 10:28 AM
  • Hi Jim,

      This is how File Access is currently designed to operate, the decision to implement it this way was done as part of the design decisions around security when File Access was created.  We've extensively discussed this with the UAG Product Group and in the SP1 release of UAG there will be an option to allow File Access to be alternatly configured to inherit permissions from the folder that the file is uploaded to.  I don't have any further details at this time on the change or how exactly it will work, or the way to enable it.  I also don't have any specific date on when SP1 will be released.

    If you do not want to allow users to upload files so that they will not face these issues you can set the upload policy for File Access to never which will in effect make File Access Read Only.

    Regards,
    Dan Herzog
    Microsoft CSS IAG/UAG Support

    • Proposed as answer by djh-msft Thursday, July 1, 2010 11:05 AM
    • Marked as answer by Erez Benari Monday, July 26, 2010 9:13 PM
    Thursday, July 1, 2010 11:05 AM
  • Hi Jim,

      This is how File Access is currently designed to operate, the decision to implement it this way was done as part of the design decisions around security when File Access was created.  We've extensively discussed this with the UAG Product Group and in the SP1 release of UAG there will be an option to allow File Access to be alternatly configured to inherit permissions from the folder that the file is uploaded to.  I don't have any further details at this time on the change or how exactly it will work, or the way to enable it.  I also don't have any specific date on when SP1 will be released.

    If you do not want to allow users to upload files so that they will not face these issues you can set the upload policy for File Access to never which will in effect make File Access Read Only.

    Regards,
    Dan Herzog
    Microsoft CSS IAG/UAG Support

    Hi Dan, I just experienced the same issue today and found this post. Now I'm using SP1 and cannot find the option to configure inherited permissions. Could you please let me where I should go to check? THanks a lot. Li
    Friday, May 20, 2011 1:24 PM
  • Hi Li,

      There is no options needed to be configured once UAG SP1 in installed for inherited permissions to be applied.  If the folder that the file is being uploaded to is configured to inherit permissions the files uploaded will inherit the folder permissions, if the folder is not configured to inherit permissions, the uploaded files will have the user's permissions applied to them.  Ben Ari from our UAG support team will likely be bloging about this in the next few weeks.

    Regards,
    Dan Herzog
    Microsoft CSS IAG/UAG Support


    Wednesday, May 25, 2011 6:40 AM