Permissions Question: Allow Read but not Copy

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi, I’m new to this type of thing and I did a search and didn't find what I
needed so if this is the wrong place or a repeat please forgive me.

We are setting up a document folder for our users for standardized forms
that they are supposed to open, edit and email without changing the document,
i.e. no saves. However it took about 10 minutes for someone to figure out
they could copy the document to a different folder and edit it there.

I'm wondering if there is a way to set the permissions on the folder to
allow read but not copy, I'd like to avoid having to lock the individual
documents internally using Word or Excel protection.

Thanks
 
There is no way to do that with standard file system ACLs. When you read
a document from a share, a copy of that document now exists in the memory
of your computer. It is impossible for an ACL on a file server to know what
you are doing with the copy in your local computer's memory.

You should investigate Windows Rights Management Services. It can give you
this kind of control, because the document now asserts its own permissions
and the application obeys whatever restrictions the creator imposed. See
http://www.microsoft.com/rms for more information.

Steve Riley
(e-mail address removed)
 
Steve is quite right, and the relatively new products for digital
rights management are intended to address just these sorts of
requirements (which by the way is not just a Windows issue).

However, there is something I am not understanding in your post.

The people get the standard form, edit it, and then email it.
This seems to imply that they must save the editied version.
So is it that you want them to be able to save the filled in form,
but not one where the form is unedited and/or where the form
structure has changed ??
(I guess I am just curious what it matters if they save a copy
of the form. I virtually never send in a complete edocument
without keeping a copy of it.)

If this is the case, you might be able to cook up a solution for
your scenario based on either web forms presented in a browser
(where their input might also be then merged into the "full paper"
form file on the server-side for sending along), or, if you have
full-featured Exchange/Outlook in use you might find a solution
within its shared folders customizations.
 
Thank you both for the responses, I had a feeling that was going to be the
case but before I launched into a full document control system I thought I'd
try.

Roger to explain a little further.
The documents they are emailing are merged forms from our database, at most
they will add a note to the form the email it directly to the client. Our
fear is that someone will copy one from our 'control folder' where changes
are made and we will have a version being sent out that shouldn't be.

Again thank you for the prompt responses.
 
Perhaps you could look into alt NTFS ACLing so that it is
impossible for someone to read a copy that someone else
has already tacked notes upon. Granted, this would not
stop the same person from making the mistake, but it would
minimize your exposure to this sort of error.
 
Back
Top