Jump to content
Forum²

Recommended Posts

Posted

Dear all,

 

I am having problem inheriting a parent group's permission to a child group.

 

OS: Windows 2008 R2 Enterprise.

 

Scenario

 

SECURITY GROUP A

..........|______Security Group B

..............................|__________ USER A

 

If I place permission on a folder and restrict Group B from it, User A cannot access the folder.

However, if I place permission on a folder and restrict Group A, User A still can access the folder.

 

From my observation, Group B does not inherit Group A's permission. I also checked effective permission and it shows nothing when the restriction is applied to group A.

 

Is there any way I can work this around?

 

Thank you in advance.

 

Andy

Posted

When you specify specific permission to a folder, you must map the directory itself. Remember that if you want to be able to list folder, there's the appropiate policy.

 

If you can provide more details (examples) like: folder name, user name it's easier to solve the issue.

--------------------------------------------------------

Tu peux aussi crire en franais.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

Posted

Here is the example.

 

Groups:

MIS-ListOnly

CDNUsers (member of MIS-ListOnly group)

 

Users

William

 

Folder

MIS

 

 

Scenario

When I use MIS-ListOnly group to set permission on MIS folder, William still can see folders and files in MIS folder.

[ATTACH]114.IPB[/ATTACH]

[ATTACH]115.IPB[/ATTACH]

 

When I use CDNUsers group to set permission on MIS folder, Willian cannot see folder and files in MIS folder.

[ATTACH]117.IPB[/ATTACH]

[ATTACH]116.IPB[/ATTACH]

 

William is a direct member of CDNUsers group.

[ATTACH]119.IPB[/ATTACH]

 

CDNUsers group is also a member of MIS-ListOnly group.

[ATTACH]120.IPB[/ATTACH]

 

Goal

1.Users can see MIS folder exists but when they enter MIS folder, they won't see anything at all.

2.MIS-ListOnly folder is a group for setting permission. Instead of setting permission by each group of departments(for instance, sales group, hr group, ...etc) on MIS folder, I can just simply only set MIS-ListOnly to MIS folder and add each group to MIS-ListOnly.

 

Question

So my questions is how to let CDNUsers group inherit permission of MIS-ListOnly group.

 

Thank you

Andy

Posted

Are you sure you haven't confused the screenshots? The first 2 should block WILLIAM, the second two should allow him to browse folder.

 

Anyway, can you please post the EFFECTIVE permissions by settings permissions like in the first 2 screenshot and select user WILLIAM?

 

Thanks.

--------------------------------------------------------

Tu peux aussi crire en franais.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

Posted

The first one is applying permission to MIS-ListOnly group and I am hoping CDNUsers can inherit the permission from MIS-ListOnly group because CDNUsers group is a member of MIS-ListOnly group.

 

William is a member of CDNUsers can also have the same permission as MIS-ListOnly.

 

 

The 2nd one is applying permission to CDNUsers group directly and William is a direct member of CDNUSsers group. This way works fine.

 

Both ways are trying to setting the same permission on the MIS folder.

 

Do I make it clear ? :lol:

 

Here is the screenshots

 

Permission Applied to MIS-ListOnly

[ATTACH]121.IPB[/ATTACH]

Effective Permission of William on MIS\New Folder

[ATTACH]122.IPB[/ATTACH]

Permission Applied to CDNUsers

[ATTACH]124.IPB[/ATTACH]

Effective Permission of William on MIS\New Folder

[ATTACH]123.IPB[/ATTACH]

Posted
probably the permissions weren't updated...

--------------------------------------------------------

Tu peux aussi crire en franais.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...