Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
6.5 Permissions List/Report 1
- Thread starter tmattson
- Start date
-
1
- #3
marvhuffaker
MIS
You can also generate a report out of the portal. The formatting is worse than what Trustbar creates, but it's easier to see exactly what permissions are assigned.
Marvin Huffaker, MCNE
Marvin Huffaker, MCNE
marvhuffaker
MIS
Remote Manager.. us folks usually interchange those terms, sorry..
I believe its under the Reports, security..
Marvin Huffaker, MCNE
I believe its under the Reports, security..
Marvin Huffaker, MCNE
- Thread starter
- #6
Thanks to all...
I have another permissions question...
I have a user that has certain rights to a high level directory. I've explictly changed the rights to a sub directory for this same user but the rights are not being applied. What can look at to correct this?
I have another permissions question...
I have a user that has certain rights to a high level directory. I've explictly changed the rights to a sub directory for this same user but the rights are not being applied. What can look at to correct this?
marvhuffaker
MIS
What rights did you assign him at the high level directory?
Marvin Huffaker, MCNE
Marvin Huffaker, MCNE
- Thread starter
- #8
marvhuffaker
MIS
You should NEVER assign S to anyone. S means Supervisor and you can't block it.. That's why it's not working. In fact, go through your system and take S out of anything it is assigned to.
A rule of thumb, and practice that I use is follows:
Grant general or very restrictive permissions at top level subdirectories. Grant more priviledges only where specifically required on specific subdirectories.
When you grant excessive rights from the top, you then have to block them wherever you don't want them, and that turns into a management nightmare.
Here are some common rights that people need:
Full: [RWCEMF]
Read Only: [R F]
Those usually accomodate 95% of scenarious.
Here is a description of each letter:
S - Supervisor (god priviledges)
R - Read (Open a file for reading)
W - Write (allows you to Modify or write to a file)
C - Create (allows you to Create a new file)
E - Erase (allows you to Delete a file)
M - Modify (ability to Modify netware attributes)
F - File Scan (Allows you to view directory contents)
A - Access Control (Ability to assign permissions)
The entire concept is pretty simple.. ask if you need any further clarification.
Marvin Huffaker, MCNE
A rule of thumb, and practice that I use is follows:
Grant general or very restrictive permissions at top level subdirectories. Grant more priviledges only where specifically required on specific subdirectories.
When you grant excessive rights from the top, you then have to block them wherever you don't want them, and that turns into a management nightmare.
Here are some common rights that people need:
Full: [RWCEMF]
Read Only: [R F]
Those usually accomodate 95% of scenarious.
Here is a description of each letter:
S - Supervisor (god priviledges)
R - Read (Open a file for reading)
W - Write (allows you to Modify or write to a file)
C - Create (allows you to Create a new file)
E - Erase (allows you to Delete a file)
M - Modify (ability to Modify netware attributes)
F - File Scan (Allows you to view directory contents)
A - Access Control (Ability to assign permissions)
The entire concept is pretty simple.. ask if you need any further clarification.
Marvin Huffaker, MCNE
- Thread starter
- #10
Marv,
Is it possible to assign priviledges such that a user can create a directory but not a file under a certain/high level directory. What I'd like to do is to keep people from moving or creating files into a high level directory, but allow them to create directories to which they can post the files.
Thanks,
Tim Mattson
IT Mgr.
WCQ
Is it possible to assign priviledges such that a user can create a directory but not a file under a certain/high level directory. What I'd like to do is to keep people from moving or creating files into a high level directory, but allow them to create directories to which they can post the files.
Thanks,
Tim Mattson
IT Mgr.
WCQ
marvhuffaker
MIS
There isn't really a way to do that with permissions. The [ C ] permission allows you to create, but it doesn't restrict anything based on whether its a folder or file. However, there is trick you could use as a deterent to force people to create folders.
- TOOLBOX.NLM (Look it up).. Make sure this is loading in your AUTOEXEC.NCF.. it needs to be running for the next step to work.
- Create a scheduled task in your portal that deletes files from your high level folder using the DEL command built into toolbox. You do this by going in your browser to http:\\serverIPAddress:8008.. You should see the option for scheduling tasks on the menu on the left.
Your syntax would be something like this:
DEL DATA:\TOP\*.*
This should delete files but not folders. If you set the scheduling on this to once a day, it will always clean out any files that have been stored in your top level folder. It shouldn't delete any subfolders.
If you tell your people this is what is going to happen, they will be forced to follow the 'creating a folder' procedure for their files instead of just dumping the file there. If they choose to save files at the top, they will be gone the next day.
I would make sure you test this before putting it into production to make sure you have the syntax right and you get consistent results. The DEL command is very powerful, so use with caution. I've seen people accidentally delete the entire volume with a simple syntax error.
Marvin
- TOOLBOX.NLM (Look it up).. Make sure this is loading in your AUTOEXEC.NCF.. it needs to be running for the next step to work.
- Create a scheduled task in your portal that deletes files from your high level folder using the DEL command built into toolbox. You do this by going in your browser to http:\\serverIPAddress:8008.. You should see the option for scheduling tasks on the menu on the left.
Your syntax would be something like this:
DEL DATA:\TOP\*.*
This should delete files but not folders. If you set the scheduling on this to once a day, it will always clean out any files that have been stored in your top level folder. It shouldn't delete any subfolders.
If you tell your people this is what is going to happen, they will be forced to follow the 'creating a folder' procedure for their files instead of just dumping the file there. If they choose to save files at the top, they will be gone the next day.
I would make sure you test this before putting it into production to make sure you have the syntax right and you get consistent results. The DEL command is very powerful, so use with caution. I've seen people accidentally delete the entire volume with a simple syntax error.
Marvin
- Status
Similar threads
- Locked
- Question
- Locked
- Question