This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

File Dynamics for Active Directory - Advanced Permissions

Is it possible to set Advanced Permissions using FD?

We want to do the following:

Share = groups$

Folder = \\server\groups$\group

Rights (as we do it with icacls) =  (OI) (CI) (RD,WD,AD,REA,X,DC,RA,WA,RC,WDAC)

Parents
  • 0  

    - apologies for the late response.

    This is an interesting request, and the answer isn't actually straightforward. Currently this is not possible for user home folders. However, this can be done using Collaborative Storage and its dynamic templating system. That applies only to group storage—but your question sort of suggests that is what you're asking about. Could you please clarify whether this is for user home folders, or for some sort of shared storage scenario?

  • 0 in reply to   

    You're right - it is for collaborative group.

    If it's possible to do that with dynamic templating could you please direct me to the documentation that shows how?

    That said it would be very usefull to have the same possibility for home dirs :-)

  • 0   in reply to 

    Here's the documentation on configuring security in dynamic templates for collaborative storage. It's part of the Administration Guide for File Dynamics 6.x.

    Essentially, any NTFS ACEs for the -group-, -member-, or -owner- security principals used in dynamic storage templates are translated to that group. So in your case, you'd want to make sure your template includes a -group- entry in the NTFS permissions at the root of the template (since that will be applied to the root of each collaborative storage group's home folder.) That ACE should set all of those advanced NTFS permissions for each provisioned collaborative storage group on the group's collaborative storage folder.

    Note that you can use the "Apply Template" and "Apply Members" collaborative storage management actions to copy the template to existing collaborative storage groups' folders and process the template, respectively.

Reply
  • 0   in reply to 

    Here's the documentation on configuring security in dynamic templates for collaborative storage. It's part of the Administration Guide for File Dynamics 6.x.

    Essentially, any NTFS ACEs for the -group-, -member-, or -owner- security principals used in dynamic storage templates are translated to that group. So in your case, you'd want to make sure your template includes a -group- entry in the NTFS permissions at the root of the template (since that will be applied to the root of each collaborative storage group's home folder.) That ACE should set all of those advanced NTFS permissions for each provisioned collaborative storage group on the group's collaborative storage folder.

    Note that you can use the "Apply Template" and "Apply Members" collaborative storage management actions to copy the template to existing collaborative storage groups' folders and process the template, respectively.

Children
  • 0 in reply to   

    Thank you, for the answer. I'll try it out.

    As for your question about home folders:

    We need to set object inherit (OI) and container inherit (CI) on home folders because inheritance is blocked on parent folder to prevent users from looking at each others folders.