Granting "Allow" permission to a user in two user groups

Granting "Allow" permission to a user in two user groups

Post by c25vd3JpZG » Wed, 03 Dec 2008 06:28:01

Say I have a group with users Bob, Alice, Mary, and Joe (in reality we have
about 50). They each have folders "Bob", "Alice", "Mary, and "Joe" inside of
"Shared". I want to give everybody access to everybody else's folders, but I
want to deny delete permissions to everyone except the owner. Because of the
way we set up our network, all four users belong to the "MRI Users" group. I
tried giving MRI Users all allow permissions except delete, and then added
the person as another entry and granted full permissions. The problem is
that since Deny permissions take precedence over Allow permissions, and
because Bob belongs to MRI Users, his Allow permission for delete gets
overridden by the Deny permission for MRI Users. Is there any way around

Thank you,

Granting "Allow" permission to a user in two user groups

Post by Paul Bergs » Thu, 04 Dec 2008 22:27:23

Hello snowrider,
Provide them Write but not Modify permissions at the upper level. If you
don't want them to delete they won't be able to modify (Change) data within
a file.

NTFS permissions...
Write - allows the user or group to overwrite the file, change its attributes,
view its ownership, and view the permissions set.

Modify - allows the user or group to modify and delete a file including perform
all of the actions permitted by the Read, Write, and Read and Execute NTFS
file permissions.

Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

Please no e-mails, any questions should be posted in the NewsGroup This posting
is provided "AS IS" with no warranties, and confers no rights.