I'm working in IT at a biopharma lab and need to set permissions that allow users to write to a specific folder without being able to delete, rename, or edit the .txt files within it. I've already set up permissions that prevent deleting and renaming, but I'm still having trouble because users can edit and overwrite existing files. Here's what I have set up in NTFS permissions:
**Allow:**
- Traverse folder/execute file
- List folder
- Read attributes
- Read extended attributes
- Create files/write data
- Create folder/append data
- Write attributes
- Write extended attributes
- Read permissions
**Deny:**
- Delete subfolders and files
- Delete
- Change permissions
- Take ownership
If anyone has suggestions on how to fix this issue, I'd appreciate it. Thank you!
3 Answers
It sounds like you're looking for a WORM (Write Once Read Many) solution, which is useful if you want to ensure files can’t be modified or deleted until a certain time period has passed. I recommend looking into NetApp SnapLock, which locks data until it expires (commonly set to 7 years). Just be cautious, especially if this is for compliance reasons—workarounds can lead to issues with audits.
Have you thought about investing in a document management system? Alternatively, using SharePoint or Office 365 could be a good option for managing these file permissions more effectively.
You might want to remove the append permission. I've done a similar setup where Group A could list and create files with no other permissions, while Group B could create, list, and append. Also, you don't need those explicit denies in most cases.
Definitely, using deny permissions can be tricky. It's better to keep things straightforward!
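The allow-only layout from the last answer, written out in PowerShell as an added example (not code from any poster in this thread). "Create files/write data" is a single NTFS access bit, so when it is inherited by files it also permits overwriting them; the script grants it on the folder itself only and lets files inherit a read-only entry. It goes beyond the answer by also adding an OWNER RIGHTS entry so that file creators cannot re-permission their own files; `$Path` and `$Group` are placeholder assumptions.

```powershell
# Added example. $Path and $Group are placeholder assumptions, not values from the thread.
param(
    [string]$Path  = (Join-Path $env:TEMP 'write-once-demo'),
    [string]$Group = 'BUILTIN\Users'
)

$null = New-Item -ItemType Directory -Path $Path -Force

# Inheritance scopes used below.
$thisFolder = [System.Security.AccessControl.InheritanceFlags]::None
$filesOnly  = [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
$everything = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$applyHere  = [System.Security.AccessControl.PropagationFlags]::None
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function New-AllowRule($Identity, [string]$Rights, $Inherit, $Propagate) {
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        $Inherit, $Propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

# Start from an empty DACL and stop inheriting from the parent folder.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)

# OWNER RIGHTS (S-1-3-4): replaces the owner's implicit right to change permissions.
$ownerRights = [System.Security.Principal.SecurityIdentifier]'S-1-3-4'

$rules = @(
    New-AllowRule 'BUILTIN\Administrators' 'FullControl' $everything $applyHere
    New-AllowRule 'NT AUTHORITY\SYSTEM'    'FullControl' $everything $applyHere
    # Folder only: list and create files. No append, no delete, no explicit denies.
    New-AllowRule $Group 'CreateFiles, ListDirectory, Traverse, ReadAttributes, ReadExtendedAttributes, ReadPermissions' $thisFolder $applyHere
    # Files only: existing files are read-only for the group and for their creator.
    New-AllowRule $Group       'Read' $filesOnly $inheritOnly
    New-AllowRule $ownerRights 'Read' $filesOnly $inheritOnly
)
$rules | ForEach-Object { $acl.AddAccessRule($_) }
Set-Acl -Path $Path -AclObject $acl

# Show the resulting entries and where each one applies.
(Get-Acl -Path $Path).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

The handle that creates a file receives the access it asked for, so the first write succeeds; every later open is checked against the inherited read-only entries. Applications that save by writing a temporary file and renaming it over the original will fail under this layout.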