Folder permissions for backend

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Is it possible to set permissions to a network share such that a user group
could not view the list of contents of the folder (say in Windows Explorer,
My Computer, etc), but read, write, execute, add files... all the things
users need to do to folders in order to run a backend .mdb? Just not list
the contents of the folder (in effect, making the folder contents "blind" to
users, but accessible to front-ends?)
 
Todd Lemen said:
Is it possible to set permissions to a network share such that a user
group
could not view the list of contents of the folder (say in Windows
Explorer,
My Computer, etc), but read, write, execute, add files... all the things
users need to do to folders in order to run a backend .mdb? Just not list
the contents of the folder (in effect, making the folder contents "blind"
to
users, but accessible to front-ends?)
Click to expand...

Have you tried setting permissions on *just* the target folder, ie don't
have inherited permissions?

Keith.
www.keithwilby.com
 
Keith:
Here's what seems to work:
I set a created a new folder on a 2K3 Server. I set "Advanced Security
Settings" on this folder as follows:
Unchecked "Allow inheritable permissions..." checkbox.
Allow Administrators Full Control.
Allow System Full Control.
Allow Users Traverse Folder/Execute Files, This folder only.
Allow Users Traverse Folder/Execute Files, List Folder/Read Data, Create
Files/Write Data, Create Folders/Append Data; Files Only; with "Apply these
permissions to objects and/or containers withing this container only"
checkbox checked.

Within this test folder is a backend .mdb. To that .mdb file, I set
Administrator Security properties to Full Control; and User Security
properties to Modify, Read & Execute, Read, and Write.

A Front End .mdb installed on a computer logged on by someone in the Users
group can run an the Front End application; can "see" the backend folder
container in Widows Exploerer, but cannot "see" inside the backend container
within Windows Explorer.

This seems to accomplish the objective of allowing users to run their
front-end apps, but not "see" inside the backend directory containing the
backend tables. If the user is running Access Run-Time, they wouldn't be
able to create their own apps to... well, access these back-end tables...

Any suggestions you might have for adjusting the permission scheme to
accomplish the aforementioned objective are HUGELY appreciated.

Thank you,

Todd Lemen
 
You can hide the share on the server \\server\share$ rather than
\\server\share . As long as users don't know the path, they won't be able
to see it in Windows Explorer.
 
Quite! Thanks, Joan!

TL

Joan Wild said:
You can hide the share on the server \\server\share$ rather than
\\server\share . As long as users don't know the path, they won't be able
to see it in Windows Explorer.
Click to expand...
 
Back
Top