Hi! I'm working on a project for a company and designing a shared folder for the organization. The company is on a Windows 2000 Active Directory Domain and uses a share folder on a server as a mapped drive for the clients; it's the "share drive" to them.
So like most companies, we have a folder for each department. Only people within that department can browse it. Here's the basic file structure:
[EXAMPLE 1]
Accounts
-Accounts Payable
-Accounts Receivable
-Pay Roll
Operations
-Operations Manager
-Dispatch
There's more, but that's an example. Then we have a master share folder at the bottom, with subfolders, one for each department.
[EXAMPLE 2]
Share Folder [All Authenticated Domain Users can read]
-Accounts
-Operations
The department can write information in their department only, and all others can read, so you can share documents between departments. The folders in the first example are only for each department, so Accounts can see each other, but nobody from outside can see in accounts. Basic stuff.
The problem I'm having is that I want to maintain the folder structure without people being able to delete parts of it by accident. So I give Admins full control, and I give the Accounts group "read" access on the accounts folder root, and the person who runs accounts payable modify access on the accounts payable folder. So accounts payable can insert documents, edit documents, delete documents etc., but NOT delete the accounts payable folder. The problem, of course, is that if I give them access to modify in that folder, they can delete the actual accounts payable folder as well. I don't want that, since that folder is part of the structure.
So then I tried giving them delete permission BELOW the folder. This didn't work, because you could successfully do everything in the accounts payable folder, and place in say, 10 example text files. Edit them, delete them perfectly. So then I tried placing 10 example files in there again, and went back in the tree, and tried to delete the accounts payable folder. Sure enough, the folder said access denied to delete it, so I thought "yes! it works", but then I opened the folder, and the 10 example files were gone. So sure, the folder stayed, but somehow every file inside deleted itself.
Goal: I'd like to be able to maintain the
Accounts
-Accounts Payable
-Accounts Receivable
structure, while enabling users from accounting access inside there to edit and delete and create files.
Thanks!
I realize my post is long and may be hard to understand, since it normally takes a lot of brain power to process permissions in your head. If you have any questions or want me to narrow it down further, let me know. Thanks for reading!
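Added example, not part of the original post: a simplified Python model of NTFS allow permissions (no deny ACEs, a single user, hypothetical class and function names, constructed sample files) that reproduces the behaviour described above. A recursive delete is checked per object, so the files, which inherit Delete, are removed before the delete of the folder itself is refused.

```python
# Simplified model of NTFS allow-ACEs (added example; no deny ACEs, one user).
from enum import Flag, auto

class R(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()         # create files / write data
    DELETE = auto()        # delete this object
    DELETE_CHILD = auto()  # delete children regardless of their own ACL

class Node:
    def __init__(self, name, parent=None, this=R.NONE, children=R.NONE):
        self.name, self.parent, self.kids = name, parent, []
        self.this = this          # ACE scope "This folder only"
        self.children = children  # ACE scope "Subfolders and files only"
        if parent:
            parent.kids.append(self)

    def rights(self):
        """Explicit rights on this object plus rights inherited from ancestors."""
        r, p = self.this, self.parent
        while p:
            r |= p.children
            p = p.parent
        return r

def can_delete(n):
    # NTFS rule: DELETE on the object, or DELETE_CHILD on its parent folder.
    on_parent = n.parent.rights() if n.parent else R.NONE
    return bool(n.rights() & R.DELETE) or bool(on_parent & R.DELETE_CHILD)

def recursive_delete(n):
    """Delete contents first, then the folder (a folder must be empty to go)."""
    for k in list(n.kids):
        recursive_delete(k)
    if n.parent and not n.kids and can_delete(n):
        n.parent.kids.remove(n)
        return True
    return False  # "Access denied" here; children already deleted stay deleted

def build():
    """Constructed layout: read-only root, structure folder, 10 sample files."""
    accounts = Node("Accounts", this=R.READ)
    ap = Node("Accounts Payable", accounts, this=R.READ | R.WRITE,
              children=R.READ | R.WRITE | R.DELETE)
    for i in range(10):
        Node(f"example{i}.txt", ap)
    return accounts, ap
```
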