General discussion

Locked

Share permissions

By Blackcurrant ·
Hi

I have a share which is used for email. The share contains folders named after each member of staff. I would like to know how I can enable all users access to the share, but only allow a user to access their folder.

E.G. The share name is Mail. Sub-folders are named John, Sarah, Richard etc. I want to allow John, Sarah and Richard access to the Mail share, but I only want Sarah to be able to access the Sarah folder, and not be able to access to John or Richard folder.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by bob.lentini In reply to Share permissions

This would depend on your OS. If you are using NT/2000 then I have answered your question below.

I would suggest that you allow Read only permissions for All Users to Mail. You will then need to set the permissions for the users. For example, "Sarah" should not inherit permissions from the parent folder "Mail". Once that is set, then you would want to set the permissions so that only Sarah would have full access to the "Sarah" folder. Remove ALL other users from the share.

Hopefully this helps.

Regards,

Bob

Collapse -

by Blackcurrant In reply to

Poster rated this answer.

Collapse -

by Kinetechs In reply to Share permissions

Hello,
Hopefully your using NTFS for you file system. If not then convert it!

Next, share the mail folder out and set the permissions fo that all users have "Full control".

Lastly, assign NTFS permissions on each individual user folder only assigning that user permission.

This will allow all users to connect to the mail share but only have access to their folder.

Cheers!
~Sean

Collapse -

by Blackcurrant In reply to

Poster rated this answer.

Collapse -

by Tictag In reply to Share permissions

ASSUMPTIONS
1. You have an NTFS file system
2. You have shared the MAIL folder with share permissions FULL CONTROL / EVERYONE

MAIL FOLDER
Using the security tab in the folder properties ensure that ADMINISTRATORS and SYSTEM have FULL CONTROL and the EVERYONE group has read only access to THIS FOLDER ONLY*

*The easiest way to do this is to ADD the EVERYONE group using the default security tab leaving the default READ&EXECUTE, LIST FOLDER CONTENTS and READ permissions set. Click on ADVANCED, select EVERYONE*, click on VIEW/EDIT and change the APPLY ONTO drop down list to THIS FOLDER ONLY.

USER FOLDERS
Using the security tab on each user folder, ADD the user, granting them FULL CONTROL permissions.

This will allow administrators and the operating system to access all folders, allow all users to read-only view the MAIL folder but only allow specified users access to their specific folders.

A lower administrative burden solution:
If you wanted to allow your users to create their own folders you might want to consider applying THIS FOLDER ONLY permissions to the MAIL folder for the EVERYONE group to:
LIST FOLDER / READ DATA
READ ATTRIBUTES
READ EXTENDED ATTRIBUTES
CREATE FOLDER / APPEND DATA
READ PERMISSIONS

ADD CREATOR OWNER / FULL CONTROL
ADD ADMINISTRATOR / FULL CONTROL
ADD SYSTEM FULL CONTROL

In this scenario administrators and the operating system always have full access, users can read the root folder, users can create their own folders and only the user creating the folder can then subsequently access it.

This scenario (minus the LIST FOLDER / READ DATA permission) is also good for secure redirected folders.

Regards,
Tictag.

NB
Use AUTHENTICATED USERS instead of EVERYONE if enhanced security is required.
Use MODIFY instead of FULL CONTROL (for users and creator/owner) if you want to prevent them changing permissions.

Collapse -

by Blackcurrant In reply to

Poster rated this answer.

Collapse -

by Blackcurrant In reply to Share permissions

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums