none
restrict permission policy on share folder RRS feed

  • Question

  • I want to set one permission policy on share folder which its not happening, user or group should have modify rights but not of delete rights i have try this locally folder by every triangle but its not succeeding, Do anyone have best solution for this ?
    Tuesday, November 5, 2019 3:43 AM

All replies

  • Hi,

    You have posted in the dedicated forum for the System Center Data Protection Manager product.

    You will only be able to achieve this with user's own created files (this requires the CREATOR OWNER permission on the folder), they will not be able to modify other's files.

    Delete takes any allow permissions.

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:


    • Edited by Leon Laude Thursday, November 7, 2019 9:38 AM
    • Proposed as answer by Leon Laude 22 hours 54 minutes ago
    Tuesday, November 5, 2019 5:57 AM
  • 

    Hi ,

    Thanks for reply, I tried this permission setting the same thing user unable to create file on that folder, Its not working.

    


    Thursday, November 7, 2019 5:32 AM
  • Hi leon,

    Permission applied but not working, open below link to see snaps,

    https://social.technet.microsoft.com/Forums/getfile/1501490

    https://social.technet.microsoft.com/Forums/getfile/1501493

    Thursday, November 7, 2019 9:20 AM
  • This will only work for user's own files if you have the CREATOR OWNER assigned to the folder, only then users will be able to modify their OWN files, but not files created by others.

    Rename permission is related to delete permission, when you rename the file, in the background actually you are replacing with the new file with same content.

    The renaming actually deletes the earlier file, so without delete option granted to the users/groups, the user can't perform renaming of the file.




    Blog: https://thesystemcenterblog.com LinkedIn:

    Thursday, November 7, 2019 9:36 AM
  • YES USERS ARE CREATING THERE OWN FILES ONLY NO RENAME, AFTER CREATING DEFAULT NAME FILE BY PDF WRITER TO PATH OF THAT FOLDER.  AFTER CREATING OR GENERATE  THE FILE NO ONE SHOULD DELETE THAT FILE. EVEN I HAVE GIVEN FOLDER RIGHT TO USER OF OWNER RIGHTS ALSO BUT STILL SAME CANT CREATE A FILE. ANY EXACT SOLUTION FOR THIS TO ACHIEVE.




    Saturday, November 9, 2019 4:52 AM
  • Please provide screenshots of your current Share and NTFS permissions.


    Blog: https://thesystemcenterblog.com LinkedIn:

    Saturday, November 9, 2019 9:37 AM
  • Hi Leon,

    Please find below links, 

    https://social.technet.microsoft.com/Forums/getfile/1502485

    https://social.technet.microsoft.com/Forums/getfile/1502486

    https://social.technet.microsoft.com/Forums/getfile/1502487

    https://social.technet.microsoft.com/Forums/getfile/1502488

    Sunday, November 10, 2019 4:35 AM
  • Unfortunately none of the links worked, if your account isn’t verified yet (get verified by replying to the thread HERE) you can use a free image hosting website or upload the screenshots to OneDrive and share the links here.

    Blog: https://thesystemcenterblog.com LinkedIn:

    Sunday, November 10, 2019 9:15 AM
  • Still not working :-/

    Blog: https://thesystemcenterblog.com LinkedIn:

    Sunday, November 10, 2019 10:26 PM
  • hi Leon,

    Please check  it will work surely now,

    https://imggmi.com/full/2019/11/11/b2eafbbe11a70b8ea0ccd713095013af-full.png.html

    https://imggmi.com/full/2019/11/11/f7ce72832df9895bce8af30fb4267ebf-full.png.html

    https://imggmi.com/full/2019/11/11/01edcf5ccf122718d924e95dd2a06d86-full.png.html

    https://imggmi.com/full/2019/11/11/7617eec88b572ce06481dc8ac4494b23-full.jpg.html

    Monday, November 11, 2019 5:07 AM
  • There is a account named "CREATOR OWNER", you will need to use this account, not any specific user account, some more info here: NTFS Creator Owner Permissions

    Note that the CREATOR OWNER account can only be applied on Subfolders and files only.

    ----------------------------

    So when you create a folder, and make it to a shared folder, this folder will automatically have the CREATOR OWNER permission, but it will only be applied to Subfolders and files only, which means that it's permissions will only be applied to all subfolders and files, not the parent shared folder that you created.

    So if you create a ShareX folder, for example:

    \\Servername\ShareX

    Then you create a folder FolderA under ShareX, as follows:

    \\Servername\ShareX\FolderA

    Now if you remove the Modify permissions for all users/groups, and only leave the CREATOR OWNER, this will allow users to write and not delete only then users will be able to modify their OWN files, but not files created by others.


    Blog: https://thesystemcenterblog.com LinkedIn:

    Monday, November 11, 2019 2:29 PM
  • Dear Sir,

    Can you please show screenshots for this all scenario. It will be very helpful if this achieve.



    hemant parodkar

    Wednesday, November 13, 2019 3:34 AM
  • The above example means that all users in the group "Test Group" have the ability to create/read files, but they do not have delete permissions, however since we have the CREATOR OWNER user with Modify, this means that all users who create files, are ONLY able to delete their own files, not anyone else's files.


    Blog: https://thesystemcenterblog.com LinkedIn:

    23 hours 50 minutes ago
  • CAN YOU SHOW ANYONE OF THAT GROUP USER CAN CREATE FILE ON THAT FOLDER?

    hemant parodkar

    23 hours 6 minutes ago
    • Proposed as answer by Leon Laude 22 hours 55 minutes ago
    22 hours 55 minutes ago
  • hi  Leon ,

    not working. 

    https://ibb.co/7YDcqVM

    https://ibb.co/Z2c9jMf

    https://ibb.co/xCqXJMt 


    hemant parodkar

    22 hours 16 minutes ago
  • You are giving "Authenticated Users" Modify permissions, this will allow any domain-user to delete any files within the folder.

    Remove "Authenticated Users", then have the "test" user log out, and log back in and try again.


    Blog: https://thesystemcenterblog.com LinkedIn:

    14 hours 35 minutes ago