How do you structure access to data on your server(s)?
-
@MattSpeller said:
@Dashrender Bingo.
I missed this yesterday - Considering that the out of department user only needs (and will only be granted) access to the single file - creating a group seems like overkill. Sure it's the right thing to do, but if you have 20-50 groups that only have one person in it, is it really worth while?
Maybe Sharepoint is exactly what you need to solve this problem. Granted access to singular files across folders you otherwise don't have access to.
I recently discovered that a user could search a server drive and the results would show them files inside folders they didn't have permissions to, but the files themselves were granted 'Users:R/W' They were shown the files because they were in the index of the file server, search wasn't actually trolling through the structure, just the index. This ended up being a bad thing, people were able to access other people's reviews. To solve the problem I had to remove 'Users:R/W' from the files in question and limit it to the same permissions as the folders themselves. But this is all off topic... so nevermind I guess
-
SharePoint is very nice for letting users manage the users on their own files. Although users managing their own can be bad, that's how you get unauditable permissions sprawl.
-
@scottalanmiller said:
SharePoint is very nice for letting users manage the users on their own files. Although users managing their own can be bad, that's how you get unauditable permissions sprawl.
Users can do that on Windows too, though they might not be able to remove the baseline permissions depending on settings.
-
@Dashrender true, but there is something more user friendly about the Sharepoint approach.
-
Users are getting used to how tools like OneDrive and Sharepoint work via the sharing and manual permissions systems because of tools like Dropbox being so common for home users.
-
@Dashrender said:
soooo you're talking about robocopy instead of DFS?
I don't believe the file in my question to be static.. it needs to be changeable by all parties.
Micrsoft recommends during a robocopy before you turn on DFS. That way there isnt files replicating like crazy when you first turn it on. There will only be a few files which need to be updated.
-
@scottalanmiller said:
@Dashrender true, but there is something more user friendly about the Sharepoint approach.
I think his best solution lies somewhere in something like Sharepoint, or Sharepoint.. Clearly the windows approach is not working well when he has 130 groups for only 100 users. I think I would have given up on the group thing long ago for single file access like this problem presents.
-
Adding Sharepoint to the list of things I need to investigate
-
@IRJ said:
@Dashrender said:
soooo you're talking about robocopy instead of DFS?
I don't believe the file in my question to be static.. it needs to be changeable by all parties.
Micrsoft recommends during a robocopy before you turn on DFS. That way there isnt files replicating like crazy when you first turn it on. There will only be a few files which need to be updated.
OK sure, but he doesn't need whole folders to be replicated, he only needs single files for that outside the norm access.
-
@Dashrender said:
@IRJ said:
@Dashrender said:
soooo you're talking about robocopy instead of DFS?
I don't believe the file in my question to be static.. it needs to be changeable by all parties.
Micrsoft recommends during a robocopy before you turn on DFS. That way there isnt files replicating like crazy when you first turn it on. There will only be a few files which need to be updated.
OK sure, but he doesn't need whole folders to be replicated, he only needs single files for that outside the norm access.
Right. I was just trying to think of an outside of the box type way to do what he accomplished. When I saw it was only specific files, I realized it wasn't the right solution.
