3

In our network, we are using an application that connects to an *.mdb Access database through ODBC (User DSN).

The mdb is based on a subfolder of a share that is locally mapped to W:

What kind of minimum permissions do I have to give users on the subfolder so that they can use the application without limits, but at the same time are not permitted to unintentionally do harm, such as delete the mdb file, or make any other changes to this folder?

Ideally, only the application could access the file, the users wouldn't have any direct access to it.

All ideas/advice welcome.

vic

1 Answer

2

In theory you shouldn't need to give the users any NTFS permissions on the subfolder, only on the mdb file itself. The Bypass Traverse Checking user right (which every user has by default) will allow the application/user to access the mdb file without having any permissions to the subfolder (or the parent folder for that matter). This means that you can configure the application's ODBC DSN with the path to the mdb file without giving the users direct access to the folder(s) where the file exists.

joeqwerty
  • That was helpful, thanks. Which permissions exactly are needed on the file? I assume I have to give "modify" permissions at least. Does this mean that, in theory, the user could still delete the mdb file if he could find out its path, no matter what his permissions on the folder are? While I'm really not worried about that in my specific situation, I still wonder how you would avoid that. – vic Nov 02 '15 at 16:11
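
An added example (not part of the answer or the comment above) of the file-only ACL the answer describes, using read and write rights instead of Modify so that the file's ACL carries no DELETE right, which is the case the comment asks about. The path and the group name are hypothetical placeholders; the script is meant to be run elevated on the file server against the local path behind the share.

```powershell
# Added example. Hypothetical names: replace with your own.
$db     = 'D:\Shares\App\Data\app.mdb'   # hypothetical local path of the database
$group  = 'CONTOSO\AppUsers'             # hypothetical group holding the application users
$folder = Split-Path -Parent $db
$fsr    = [System.Security.AccessControl.FileSystemRights]

# 1. File ACL: drop inherited ACEs, then set explicit ones.
#    (R,W) is read + write without DELETE; Modify (M) would include DELETE.
#    Administrators and SYSTEM are granted explicitly so removing inheritance locks nobody out.
icacls $db /inheritance:r /grant:r 'BUILTIN\Administrators:(F)' 'NT AUTHORITY\SYSTEM:(F)' "${group}:(R,W)"
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $db" }

# 2. Check the file: no Allow ACE for the group may carry the Delete right.
$fileAces = (Get-Acl -LiteralPath $db).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $group }
foreach ($ace in $fileAces) {
    if ($ace.FileSystemRights -band $fsr::Delete) {
        Write-Warning "$group can delete the file through its own ACL: $($ace.FileSystemRights)"
    }
}

# 3. Check the folder: a file can also be deleted by anyone holding
#    "Delete subfolders and files" on its parent, whatever the file ACL says.
$trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'
$folderAces = (Get-Acl -LiteralPath $folder).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $trusted -notcontains $_.IdentityReference.Value }
foreach ($ace in $folderAces) {
    if ($ace.FileSystemRights -band $fsr::DeleteSubdirectoriesAndFiles) {
        Write-Warning "$($ace.IdentityReference) can delete files in ${folder}: $($ace.FileSystemRights)"
    }
}

# 4. Show the resulting file ACL for review.
icacls $db
```

Test the application against a copy of the database first: Access normally creates a lock file (.ldb) next to the .mdb for shared use, and a file-only ACL gives users no right to create it in the folder.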