I'm trying to create a project structure that has a shared folder and a private folder. Everyone has access to the shared folder and everyone in the group has access to only their private folder. Whats the best way to do this ?
According to Google Drive Files and Folder Permission you can set the level of the availability of your files and folders.
Types, roles and values: how the permissions work
Lists of permissions are available for each file and folder in Drive.
Each permission specifies a type, role, and emailAddress or domain,
permitting a level of access to a file or folder. These values work
together to limit the access appropriately. The type limits access to
a set of users. The email address and domain fields specify which
users can have access. Finally, the role gives these users the ability
to do something to the file, like read it. When combined, these
properties define a complete permission.
Related
I've seen a lot of answers on copying files that use code to set a network share, with credentials, to copy to somewhere else. However I need a solution that will allow a user to copy from a network share they already have access for, to a local drive they don't have access to.
We run RDS servers and have locked down direct access to the local C:/ drive on the servers. We have been given a 3rd party program that needs to read data files that must be stored in a fixed path on the C:/ drive. These data files are updated once a month. Our users have read access but we do not want to give them direct write access to the root C:/ drive.
I need to write a piece of vb.net, or command line code in .bat file that will copy files to the Local C:/ whilst providing the details of a service account to provide the access.
As mentioned I've seen a lot about setting up a mapping to shared folder and passing creds, however we don't want to set the C:/ as mapped shared drive in this instance.
You don't want the user having access to the C Drive in general, is there any particular reason the permissions on the particular subfolder the files are going to can't have overriding permissions to allow writing to just that folder?
If that will not work, first thought that comes to mind is having a helper program that can be ran under a different user that does have that access. Set up an intermediate folder the user can write to, the program that they can launch drops the files into a folder they have access to. Helper program watches for files in the intermediate folder, moves them to where they need to be.
Set up would need to include adding a user that does have access to both locations, and then adding to task manager to launch the helper program under that other user at login.
My Problem: My app creates a folder with some files that it shares with other accounts. This works fine as long as the other accounts just update the existing files. But when they create new files, these are owned by that account and the sharing account (e.g. my app) has no access to them.
So my question is: Is there a way I can enforce that all files created in or copied to the shared folder are owned by the account that created the folder, or that account has at least r/w - access to that files (like SetGID on directories with Unix/Linux)
Thanks for your help.
Is there a way to create or set permissions on a Google Drive folder that allows users to create or upload files to the folder, but not create additional nested folders? Ultimately I would like users to be able to add files to folders, but not change the overall folder structure.
I've been able to set the role of the user for a folder:
https://developers.google.com/drive/api/v3/reference/permissions/create
However, once I give "writer" permission to a user they are able to both upload files and create folders.
https://developers.google.com/drive/api/v3/manage-sharing
Unfortunately, the permission and role functionality combined with the structure of Drive don't allow for the ability to allow users to upload and edit files without also allowing them to change the apparent folder structure of the Drive.
As stated on the Google Drive REST API Documentation about Permission structures in Drives, a file's permission consists of four parameters:
Permission Type (user/group/domain/anyone)
Email Address accociated with the permission
Domain that has access to the permission
Role
There are only 5 assignable roles for file permissions, as can been seen in this table:
Additionally, Google Drive doesn't use a file system, and in actual fact folders in Drive are just files with MIME Type application/vnd.google-apps.folder. You can see this by querying the MIME Type of a folder ID or on the Drive Supported MIME Types reference.
Our current instance of Sitecore (8.2) is set up with one main website and multiple sub-websites. Each sub-website has their own set of users/roles and a folder in the media library. Initially every role has full access to every folder and you must deny certain access (write, create, rename, and delete) manually for each folder for each role. For every new folder that is put into the media library, you must then go back to all the current/older roles and update their permissions (denying the write, create, rename, and delete access) manually for each new folder.
We are looking to simplify this solution so each current/older role is denied permissions automatically for each new folder added and each new role is automatically denied permissions to all current/older folders.
How would this be possible?
Try to avoid denying access, it's not a good practice.
In a clean Sitecore install the role "Sitecore Client Authoring" is given modify permissions on all descendants of the media library root folder. If you remove this role from the root folder, all users will be denied access to all sub folders. Now you can add modify permissions (write, create, rename and delete) for each folder, only for those roles who need access to it.
I have a shared folder in my network where a lot of users access and store their documents. I'm admin of this shared folder and I've denied delete permissions for all other users.
The problem starts when a user creates a new folder and tries to rename it.
Windows says "Access denied"
I'm assuming that this might be because I've denied delete permissions for that user.
(Since Rename=Delete+CreateFolderWithNewName)
Is there any way so that I can keep the delete permissions intact, and allow the user to rename his files/folders?
Or any other workarounds?
I'm using Windows Server 2008 and NTFS file system.
As suggested, you should look into the folder design / your setup.
A kind of Work around, is to give "Delete" and "Delete subfolders and files" rights to "CREATOR OWNER", then the creator of the file or folder is able to rename (and delete) his own files/folders.
Maybe you could Schedule a nightly powershell script (not privided) which takes ownership of all files and folders, to restrict owners from future renaming/deletion of files
If they creating in the shared folder it will inherit the permissions of the shared folder. You would need to break inheritance and allow delete permissions on the sub folder to achieve what you want.
There are two managable solutions if there are alot of folders created in the root.
Write a service/application to do that for you.
Create a series of folders (perhaps person/team based) in the folder, change the permissions on them and tell users to store files in there.