Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).
-
I'm not sure I see any reason to not handle this with regular NTFS permissions... What am I missing?
Are the files for a given project spread out all over, instead of in one single folder?
-
@openit said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@wirestyle22 said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
I'm not familiar with a product that would allow you to do this in a way that is not extremely time consuming. Interested to see if anyone else does.
What I was believing before posting this thread, there should be huge number of IT folks should be dealing with this kind of scenarios
I don't know about a huge number, but probably not a small number or even small percentage.
As I said, moving away from the folder structure and to a flat file system and searching for things based on tags would solve this for you - once you setup default permissions for new files created by users (i.e. John in CAD group 1's files will by default have r/w for CAD group 1 users, and read for everyone else, etc), assuming this can even be done.
But CAD files makes this challenging because of their size.
-
@dafyre said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
I'm not sure I see any reason to not handle this with regular NTFS permissions... What am I missing?
Sure, let's assume the following:
\fileserver\share\projects\project-55\cad-files
4 different departments need to write files to this directory, but only those in the same department can change their department's files.
So we have Dept1, Dept2, Dept3, Dept4
How do you automatically create permissions for a file created by a user in Dep1 to be
Dept1 - R/W, Dept2, Dept3, Dept4 - RSame goes for all departments.
-
@openit said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@Dashrender said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
This is interesting.
I'm curious how you change this without changing the current workflow of your users.
It is difficult to change the workflow (I guess, here you mean, making folders according to departments to give full access for specific department and read access for others.)
I understand, above changes can resolve most of my problems, but practically for Users and in Users view, it's damn difficult.
This is because :
-
In one project all departments needs to involve, so Project-55 (lets say) folders will be in all department folders, instead of being in One Location, now the data/files for project is scattered in different folders and users will need to navigate to different folders for one project to need to work with.
-
Our users are using XREF (a feature in CAD, you may familiar with), where users will point from CAD file to other to know what changes done by other departments, so if we change the location on existing files will effect other files, which is going to be a big mess for Users and to IT ultimately.
XREF is a standard feature across almost all software. Not really relevant to CAD.
- Currently all department files for one project is under one Folder, when we make it department wise, there is a lot of moving activity, which should be done with keen observation to avoid any files missing due to long file path (I am sure there will hundreds cases will arise).
What CAD software is being used? I bet they have a standard tool to manage this.
If not, then what @Dashrender mentioned already.
CAD tends to have groups of files the software needs for each project, not a single file. So trying to manually manage this would be an exercise in futility, at leas the ones I'm familiar with.
-
-
@Dashrender said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@dafyre said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
I'm not sure I see any reason to not handle this with regular NTFS permissions... What am I missing?
Sure, let's assume the following:
\fileserver\share\projects\project-55\cad-files
4 different departments need to write files to this directory, but only those in the same department can change their department's files.
So we have Dept1, Dept2, Dept3, Dept4
How do you automatically create permissions for a file created by a user in Dep1 to be
Dept1 - R/W, Dept2, Dept3, Dept4 - RSame goes for all departments.
Ah, ok. I gotcha... That makes sense.
-
@dafyre said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
Ah, ok. I gotcha... That makes sense.
I don't know if that can even be done in SharePoint or NextDrive.
-
@Dashrender This doesn't help the OP, but it can definitely be done with SAMBA on Linux.
We do that here, and have to muck around with the department permissions and such from time-to-time.
-
@dafyre said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@Dashrender This doesn't help the OP, but it can definitely be done with SAMBA on Linux.
We do that here, and have to muck around with the department permissions and such from time-to-time.
I'd love to see a screen shot of how that looks at the share or folder level.
-
OK in talking with @dafyre I have a possible solution, but man, it's what I would consider a horrible solution.
Write a script that runs as frequently as you need it to, like every min, that looks at new files in folders and generates a new permission set for a file based upon the owner of the file.
The script would have to know who is in what group, and then it would give w/r permissions to that group. The default permissions on the folder would need to be Read Only.
But in typing this out, that wouldn't work, because then no one could ever write a file into the folder in the first place.
-
@Dashrender said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@dafyre said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@Dashrender This doesn't help the OP, but it can definitely be done with SAMBA on Linux.
We do that here, and have to muck around with the department permissions and such from time-to-time.
I'd love to see a screen shot of how that looks at the share or folder level.
In the /etc/samba/smb.conf file, in our global section, we have
create mask = 0660 directory mask = 0770Adjust permissions accordingly.
For what he wants, it'd likely be something like
create mask = 0650 directory mask = 0770At the share level.
Edit: @Dashrender reminded me of one additional command that is needed to grant the groups appropriate access to groups for a folder.
The
setfaclcommand. -
Since I'm still trying to wrap my head around this.
You could try using a combination of Role-based access control permissions (http://www.yster.org/role-based-access-control/) and use inherited permissions.
-
@black3dynamite said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
Since I'm still trying to wrap my head around this.
You could try using a combination of Role-based access control permissions (http://www.yster.org/role-based-access-control/) and use inherited permissions.
I don't think this will give you the logic you need though.
-
IMO... its a mess and needs to be standardised. Management need to decide on a workable structure.
-
@openit said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
This is how one of our Shared Folder looks like, but it's more deeper and complex, bcuz of being lazy
I just make it simple, hope you will understand 
If you stop it at the level shown in the picture, then you can apply the permissions as you want them. If those departments want more subfolders, that's fine, the permissions you set at the department level can propagate to the lower folders.
-
@travisdh1 said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@openit said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@Dashrender said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
This is interesting.
I'm curious how you change this without changing the current workflow of your users.
It is difficult to change the workflow (I guess, here you mean, making folders according to departments to give full access for specific department and read access for others.)
I understand, above changes can resolve most of my problems, but practically for Users and in Users view, it's damn difficult.
This is because :
-
In one project all departments needs to involve, so Project-55 (lets say) folders will be in all department folders, instead of being in One Location, now the data/files for project is scattered in different folders and users will need to navigate to different folders for one project to need to work with.
-
Our users are using XREF (a feature in CAD, you may familiar with), where users will point from CAD file to other to know what changes done by other departments, so if we change the location on existing files will effect other files, which is going to be a big mess for Users and to IT ultimately.
XREF is a standard feature across almost all software. Not really relevant to CAD.
- Currently all department files for one project is under one Folder, when we make it department wise, there is a lot of moving activity, which should be done with keen observation to avoid any files missing due to long file path (I am sure there will hundreds cases will arise).
What CAD software is being used? I bet they have a standard tool to manage this.
If not, then what @Dashrender mentioned already.
CAD tends to have groups of files the software needs for each project, not a single file. So trying to manually manage this would be an exercise in futility, at leas the ones I'm familiar with.
Autodesk CAD software.
-
-
@openit said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@travisdh1 said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@openit said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@Dashrender said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
This is interesting.
I'm curious how you change this without changing the current workflow of your users.
It is difficult to change the workflow (I guess, here you mean, making folders according to departments to give full access for specific department and read access for others.)
I understand, above changes can resolve most of my problems, but practically for Users and in Users view, it's damn difficult.
This is because :
-
In one project all departments needs to involve, so Project-55 (lets say) folders will be in all department folders, instead of being in One Location, now the data/files for project is scattered in different folders and users will need to navigate to different folders for one project to need to work with.
-
Our users are using XREF (a feature in CAD, you may familiar with), where users will point from CAD file to other to know what changes done by other departments, so if we change the location on existing files will effect other files, which is going to be a big mess for Users and to IT ultimately.
XREF is a standard feature across almost all software. Not really relevant to CAD.
- Currently all department files for one project is under one Folder, when we make it department wise, there is a lot of moving activity, which should be done with keen observation to avoid any files missing due to long file path (I am sure there will hundreds cases will arise).
What CAD software is being used? I bet they have a standard tool to manage this.
If not, then what @Dashrender mentioned already.
CAD tends to have groups of files the software needs for each project, not a single file. So trying to manually manage this would be an exercise in futility, at leas the ones I'm familiar with.
Autodesk CAD software.
Have they considered Vault?
-
-
@travisdh1
Nope. I didn't know it before, and after going through the Vault product.As I am seeing product is mainly meant for how to manage cad files efficiently from drafting to final design etc. but not for my requirements (proper control over permissions on files/folders).
Second thing is, we do not have only cad files, but also other type of files involved in each project and in each departments like MS applications, PDFs, CAD, 3Ds max etc.
-
@openit said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@travisdh1
Nope. I didn't know it before, and after going through the Vault product.As I am seeing product is mainly meant for how to manage cad files efficiently from drafting to final design etc. but not for my requirements (proper control over permissions on files/folders).
Second thing is, we do not have only cad files, but also other type of files involved in each project and in each departments like MS applications, PDFs, CAD, 3Ds max etc.
So, basically, the current workflow doesn't work, and they don't want you to change said workflow.
-
@travisdh1 said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@openit said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@travisdh1
Nope. I didn't know it before, and after going through the Vault product.As I am seeing product is mainly meant for how to manage cad files efficiently from drafting to final design etc. but not for my requirements (proper control over permissions on files/folders).
Second thing is, we do not have only cad files, but also other type of files involved in each project and in each departments like MS applications, PDFs, CAD, 3Ds max etc.
So, basically, the current workflow doesn't work, and they don't want you to change said workflow.
Yup.
That's why I am trying to find any way to do it with third party software/tool to manage permissions instead of thinking about work flow/ changing work flow. -
@openit said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@travisdh1 said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@openit said in Looking to have good and easy control over the shared folders [permissions] on File Server (Windows Server 2012).:
@travisdh1
Nope. I didn't know it before, and after going through the Vault product.As I am seeing product is mainly meant for how to manage cad files efficiently from drafting to final design etc. but not for my requirements (proper control over permissions on files/folders).
Second thing is, we do not have only cad files, but also other type of files involved in each project and in each departments like MS applications, PDFs, CAD, 3Ds max etc.
So, basically, the current workflow doesn't work, and they don't want you to change said workflow.
Yup.
That's why I am trying to find any way to do it with third party software/tool to manage permissions instead of thinking about work flow/ changing work flow.This is sign of a bad company. Specifically, bad management.
