Deny permissions 1

[disturbedone]

I've been asked for configure a strange but not, I think, impossible request to configure access to a folder to allow students to create new & change all files but not delete anything.

Most of the time I give Modify access. My thinking is that those who have access should be responsible enough not to delete things so have never had a need to use the Deny permission.

In theory it should be possible. I edit the existing permission for the group and click Deny next to 'Delete' leaving the existing Allow ticks for read/write/etc. But upon doing so the files disappear from view of the users. They can still access the folders but they files & subfolders have disappeared. I also noticed that it creates a new permissions entry for the group with only Deny for Delete ticked, all others aren't ticked.

Am I missing something? Although it's a bit of a pain and it would be simpler to leave it as Modify and restore backups if required, the user wants this and I think it should be possible.

 

[technome]

Once you need to make changes to most files, the system needs to delete the original, so presently the MS permissions do not allow you to stop deletions with the "change" permission; the "deny" over rules the change permission. Yes, it a royal pain, causes big problems at times.
Not an answer but I equip all my client's major servers with "Undelete" by Diskeeper, so I can easily resurrect accidental deleted files and file revisions easily.

With Novell you could provide your permission scenario due to "delete inhibit", but Microsoft has not come up to bat on this.

........................................
Chernobyl disaster..a must see pictorial

http://www.kiddofspeed.com/default.htm