Post reply

Setting folder access permissions

  • May 9, 2017 at 1:01 pm

    #330220

    I found the following code on the internets that appears to do what I want it to, namely grant read and execute access on a folder and all subfolders and files to various AD groups.
    Project path is the top-level folder for the groups in the $Domains\$Groups combos.

    $Acl = (Get-Item $ProjectPath).GetAccessControl('Access')

    foreach ($Domain in $Domains)
        {
        foreach ($Group in $Groups)
            {
            $ADGroup = "$Domain\$Group"
            if ($Acl.AccessToString.IndexOf($ADGroup) -eq -1)
                {
                $permissions = $AdGroup, 'Read,ReadAndExecute,ListDirectory', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
                $Ar = New-Object System.Security.Accesscontrol.Filesystemaccessrule -ArgumentList $permissions
                $Acl.SetAccessRule($Ar)
                }
            }
        }

    Set-Acl -Path $ProjectPath -AclObject $Acl

    From https://msdn.microsoft.com/en-us/library/ms229747(v=vs.110).aspx,

                   ContainerInherit       , and ObjectInherit

         

    		      Target folder, child folder, child object (file), grandchild folder, grandchild object (file).

    I expect that all child objects (folders and files) will get the permissions I grant to the parent folder. So  far, this is working as it should. The current, child and grandchild files and folders all have the intended permissions.

    Today, a user dropped a new file into a child folder. The file did not inherit all the permissions granted above. Not sure I understand why the groups to which I granted read and execute above can't see/read that file?

    Thanks!

    P

  • May 9, 2017 at 1:47 pm

    #1941888

    Was the file copied, or moved? Copying should inherit permissions in the way you want, but moving does not necessarily do so.

  • May 10, 2017 at 8:29 am

    #1942020

    Well that seems weird...

    However, I experimented with a move and a copy and, in both cases, the permissions were as expected, and identical.

    I had the same user who copied or moved the original file repeat the experiment, and again, everything was as expected.

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply

Cookies on SQLServerCentral

This website stores cookies on your computer.

These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.

To find out more about the cookies we use, see our Privacy Policy