Allow write access to new files, but read access to existing files

  • Thread starter Thread starter eagle
  • Start date Start date
E

eagle

I'm trying to setup an archive folder for storing CAD data. I want my user
to be able to copy files (from a working folder to the Archive folder) but
once the file is there, they can not change/delete the file.

And if the file already exists, and the try to copy over it with a file of
the same name, they are not allowed.
 
Hi,

Turn off inheritance on your folder, and next for users set permissions:
- Read & execute
- List Folder contents
- Read
and next in Advanced add Create file / write data permission

Marcin Domaslawski
 
Turn off inheritance on your folder, and next for users set permissions:
- Read & execute
- List Folder contents
- Read
and next in Advanced add Create file / write data permission
Click to expand...

To fine-tune this a little, make sure CREATOR/OWNER has no permissions, and that
the Create file permission is set to apply to "This folder only".

This still won't prevent people from deleting the files they created themselves
if they know what they are doing, but it will usually protect against
accidentally deleting or overwriting them.

Unfortunately Windows provides no way to prevent a user from deleting a file he
created himself. (Short of having a program running which watches for new files
and changes the ownership.)

Harry.
 
Hi,

When you copy file(s) to an folder its permissions are inhetited from this
folder (when you move file - is different). So if you set permissions
properly - you will able to force, you copy file to your prepared folder but
you will not able to delete or change it any more.

In this case we're talking about restricted users and not administrators -
admiinstrator is 2nd after the God ;-) .

Marcin Domaslawski
 
Forget permissions, they're a hiding to nothing.

Create two folders, one shared the other not.

Users upload files to the shared folder.

Nightly, a sheduled task runs which copies/moves them to the restricted
folder. XCOPY should be adequate for this.
 
Marcin said:
When you copy file(s) to an folder its permissions are inhetited from this
folder (when you move file - is different). So if you set permissions
properly - you will able to force, you copy file to your prepared folder but
you will not able to delete or change it any more.
Click to expand...

Ah, but there is a catch. When you create a file (which includes creating a new
file by copying an existing one) you are assigned ownership of the new file, and
the owner of a file (even restricted users) can always change the permissions on
that file.

The upshot is that the person who creates a file can always delete it, though
they might have to change the permissions on the file first in order to do so.

Actually I've just remembered that there was once a way around this (which may
still work) using share level permissions. If the permissions on a share
allowed a user change but not full access, the user couldn't change permissions
on files on the share even if they owned them. This definitely worked in the NT
4 days, it probably still works but I don't know for sure.

Harry.
 
The only problem with that is that my files a CAD files, that have links to
other files by folder path and filename. I need to use a my CAD software to
copy the files to this folder to maintain all links. I can't batch this yet
(working on a VB program to do it for me).
 
This worked (once i played with it for abit). The problem was that my data
(CAD models) has links to other files, and once i copy them there, my CAD
software needs to change the links so everything is pointing to the Archive
folder. It can't do that since it doesn't have wrtie permissions.

This setup however is a great setup for non CAD data folders at my company
where we have to put everything in a sharder folder, then 1 guy copies them
over to a "locked" folder when ever he wants. Hard to find stuff when there
are multiple locations.

Thanks for the help
 
Back
Top