Permissions...is this possible

[scc]

Okay, first want to say I'm an app developer, not a network person. So I'm a bit out of my league here, but bottom line I have to support the app, and permissions affect whether the app runs or not. Just went through 24 hours of the app being down because network changed permissions.

Here's my question. Can I have a folder on the server that a group can write to/change, but not allow the user to be able to maneuver there through Windows Explorer and open (or even see) the files?

The write to/change (MS Word creates a document from a template and then does a 'save as') is all done by the application. However, once a file is created, I don't want the users to be able to go through Windows Explorer to get to any of the documents in the folder where they are stored.

Hope that makes sense. Bottom line, users have to be able the write/change a Word document via an application, but outside of the application I don't want them to be able to even read the Word document.

TIA

 

[pauljex]

HI Scc

I personally dont think that this is possible, my only thought it so your program calls the Windows 2k / XP RunAs command, and does all the read/writing to the share using a user that has access to the drive (adminstrator or power user).

e.g. the users logs in as "auser", with no access to the Word files on the share. In you application you call the RunAs command to read / write to the share. When the users closes your app the rights are lost and they cant access the files again.

I dont know if it is possible to do this but just a thought.

Hope it helps

paul

 

[apedescendant]

If it only needs to write to the file once then you can have a directory where users have write permissions but not read. That way they/the program can save the file but not reopen it.

 

[scc]

We messed with this some, and the user needed change permissions as the app uses an MS Word template and then has to name (recognized as 'renaming') the file. The app cannot give the temp MS Word file a filename unless the user has change permissions for this reason. So that 'muddies the water' a bit.

Can they have write and change without read?

Thanks

 

[pauljex]

HI scc

As far as Im aware you can have change and write rights, but not read, but this means that you wouldnt be able to open the file - unless you know the full path and filename and it stays the same each time

Cheers

paul

 

[scc]

That would be perfect, as once the file is created and saved and printed/faxed, the user never needs to reopen the file again. If they need the merged file with the data, they just use the application to recreate it with the data from the database.

Since I'm not a network person, I don't have permissions to check this out. But write/change/no read is exactly what needs to happen in this situation. That's why I needed to 'get educated' so I can help influence the permissions and still keep the info confidential from "wandering eyes".

Thanks