Create file/folder permission without delete permission

8

1

Is there a way I can set create file/folder permissions for a user in Windows 7 without giving delete permission for a folder?

I don't want the user to delete any files in that folder, but he should be able to make new files, rename them, and copy new files to that folder. Is this possible in Windows?

Jishnu U Nair

Posted 2014-12-23T10:08:52.157

Reputation: 263

You mean add/edit/delete files inside the folder, but not delete the folder itself? – Xen2050 – 2014-12-23T10:19:43.560

No, add files/folders into the folder but not able to delete anything from it. – Jishnu U Nair – 2014-12-23T10:20:53.547

http://www.thesysadminhimself.com/2012/12/deny-deleting-folder-on-windows.html – w͏̢in̡͢g͘̕ed̨p̢͟a͞n͏͏t̡͜͝he̸r̴ – 2014-12-23T10:37:42.127

Answers

9

You cannot disallow deletes and expect rename to work, as explained below.

Windows treats a file renaming operation as a deletion of the file and creation of a new file with the new name. Therefore, you absolutely must have one or both of the following two permissions:

  • Delete permission on the file itself, or
  • Delete Subfolders and Files permission on the folder that contains the file.

To complete the list, for renaming you require in addition the following permissions:

  • Write Data permission on the folder because of the new-file creation
  • Read Attributes permission to both the folder and the actual file
  • Synchronize permission to both the folder and the actual file
  • List Directory permission to the folder.

These permissions allow the rename command to check for the existence of the file and verify that the file's attributes (for example, the Read Only attribute) don't prevent the rename.

harrymc

Posted 2014-12-23T10:08:52.157

Reputation: 306 093

Ok. Thanks for the information. Is it possible to make a service/program in C# that can prevent deletion of files for a particular user? – Jishnu U Nair – 2015-01-09T07:55:06.107

Yes you can: see for example. – harrymc – 2015-01-09T08:26:33.443

5

Right click the folder → Properties → Security → Advanced → Permissions → Change Permissions → <select user> → Edit. You can specify (deny) very detailed permissions in there, including the Delete permission.


BTW, don't use "CREATOR OWNER" (that was just an example). Use the actual user or group you wish to deny the permission to.

Tetsujin

Posted 2014-12-23T10:08:52.157

Reputation: 22 456

I tried this, but when I try to modify a file it shows "No rights to modify contact Admin" – Jishnu U Nair – 2014-12-23T11:15:26.477

more specifically I cannot change the filename, even though I can create new files. – Jishnu U Nair – 2014-12-23T11:29:41.777

My answer [& anybody's] depends on you having the existing rights to modify the permissions - otherwise an admin would have to do it for you. & you cannot change what filename? – Tetsujin – 2014-12-23T11:31:35.327

BTW, don't use CREATOR OWNER, use the actual user or group you wish to deny the permission to. – Tetsujin – 2014-12-23T11:34:13.623

yes I know that, I used the proper usernames. Either way it doesn't help – Jishnu U Nair – 2014-12-23T11:35:33.607

Are you in the same group you're trying to deny permission to? Do you have sufficient permissions to perform the action? – Tetsujin – 2014-12-23T11:37:05.983

I'm applying the permissions as admin for the user and testing it on the other user. – Jishnu U Nair – 2014-12-23T11:40:40.037

If possible you should not use deny. Deny has precedence over Allow, so it should only be used if you really know what you are doing. – Werner Henze – 2015-01-08T09:54:36.950
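
Added example, not part of any answer in this thread: a PowerShell check of the behaviour discussed in harrymc's and Tetsujin's answers, where a deny on the delete rights leaves file creation working but blocks rename. The scratch folder under %TEMP% and the file names are constructed for the demo; it assumes an NTFS volume and a session that owns the folder it creates.

```powershell
# Added example (not from the thread). Creates and removes its own scratch folder.
$ErrorActionPreference = 'Stop'

$root = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid().ToString('N'))  # constructed path
New-Item -ItemType Directory -Path $root | Out-Null
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

# Deny "Delete" and "Delete subfolders and files" on the folder and everything below it.
# Both are needed: a delete or rename is allowed if EITHER the file grants Delete
# or the parent folder grants Delete Subfolders and Files.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $me, $rights, $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)

$acl = Get-Acl -Path $root
$acl.AddAccessRule($deny)
Set-Acl -Path $root -AclObject $acl

# Run one file operation and report whether the access check let it through.
function Test-Operation([string]$Name, [scriptblock]$Action) {
    try   { & $Action; "{0,-8} allowed" -f $Name }
    catch { "{0,-8} refused: {1}" -f $Name, $_.Exception.Message }
}

$file = Join-Path $root 'report.txt'   # constructed file name
Test-Operation 'create' { Set-Content -Path $file -Value 'data' }
Test-Operation 'rename' { Rename-Item -Path $file -NewName 'report-v2.txt' }
Test-Operation 'delete' { Remove-Item -Path $file }

# Cleanup: drop the deny ACE first, otherwise the scratch folder cannot be removed.
$acl = Get-Acl -Path $root
$acl.RemoveAccessRule($deny) | Out-Null
Set-Acl -Path $root -AclObject $acl
Remove-Item -Path $root -Recurse -Force
```

The rename line failing alongside the delete line is the coupling the answers describe: both operations pass through the same two delete rights.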

2

What you write that you want is not possible. If a user wants to rename a file, this requires the right to delete it (see Server Fault or WindowsIT Pro).

If it is OK for you that users can create new files in the folder and do with them whatever they want, but not mess with other files (like in a shared temp folder), you can change the permissions for the folder. In Windows Explorer, right click/properties on the folder, Permissions, Advanced, and change permissions. The required rights are:

"this folder, subfolders, files": "Read, Write, Execute" (search folder, list folder, read attributes, read extended attributes, create files, create folders, write attributes, write extended attributes) for the users in question.

"only subfolders and files": full access for "CREATOR OWNER".

Werner Henze

Posted 2014-12-23T10:08:52.157

Reputation: 4 214

Hi .. the issue is according to Windows permissions, if delete permission is removed, user cannot add a new file and rename it, but what I want is to rename files but not delete them – Jishnu U Nair – 2015-01-12T12:47:21.107

@JishnuUNair I know. And that is exactly what I wrote: "If a user wants to rename a file this requires the right to delete it (see...)." – Werner Henze – 2015-01-12T12:48:53.220
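
Added example, not part of Werner Henze's answer: the two-rule layout that answer describes, applied with PowerShell instead of the Explorer dialog, followed by a listing that flags which entries carry delete rights. The folder path and group are hypothetical, the Administrators and SYSTEM entries are an assumption added so the folder stays manageable, and the script assumes an elevated session.

```powershell
# Added example (not from the thread). $Folder and $Group are hypothetical values.
$ErrorActionPreference = 'Stop'
$Folder = 'C:\Shared\Drop'      # hypothetical drop folder
$Group  = 'BUILTIN\Users'       # hypothetical principal allowed to add files

$admins       = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # Administrators
$system       = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'      # SYSTEM
$creatorOwner = [System.Security.Principal.SecurityIdentifier]'S-1-3-0'       # CREATOR OWNER

# Build one Allow ACE from plain strings.
function New-AllowRule($Identity, [string]$Rights, [string]$Inherit, [string]$Propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.InheritanceFlags]$Inherit,
        [System.Security.AccessControl.PropagationFlags]$Propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

New-Item -ItemType Directory -Path $Folder -Force | Out-Null

$acl = New-Object System.Security.AccessControl.DirectorySecurity
# Protect the DACL and discard inherited ACEs, so an inherited Modify grant
# from the parent cannot hand the delete rights back to the group.
$acl.SetAccessRuleProtection($true, $false)

$both = 'ContainerInherit, ObjectInherit'
$acl.AddAccessRule((New-AllowRule $admins 'FullControl' $both 'None'))   # assumption
$acl.AddAccessRule((New-AllowRule $system 'FullControl' $both 'None'))   # assumption
# "This folder, subfolders, files": Read, Write, Execute. No delete rights.
$acl.AddAccessRule((New-AllowRule $Group 'ReadAndExecute, Write' $both 'None'))
# "Only subfolders and files": full access for whoever creates the item.
$acl.AddAccessRule((New-AllowRule $creatorOwner 'FullControl' $both 'InheritOnly'))
Set-Acl -Path $Folder -AclObject $acl

# Audit the result: list every ACE and flag the ones that carry a delete right.
$deleteBits = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
(Get-Acl -Path $Folder).Access |
    Select-Object IdentityReference, InheritanceFlags, PropagationFlags,
        @{ Name = 'CanDelete'; Expression = { ([int]($_.FileSystemRights -band $deleteBits)) -ne 0 } } |
    Format-Table -AutoSize
```

Because the group's Write right is inherited by files, members can still overwrite the contents of each other's files even though they cannot delete or rename them. Change the group rule's inheritance to `ContainerInherit` only if that matters.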

0

In the property dialog of the folder choose Advanced and then Change permissions.

There you can set differentiated rights. You can choose if the rights shall apply to folders, files, or both.

marsh-wiggle

Posted 2014-12-23T10:08:52.157

Reputation: 2 357

You mean Advanced?? – Jishnu U Nair – 2014-12-23T11:36:15.537

yes - it's changed – marsh-wiggle – 2014-12-23T12:02:15.437

0

Are you sure it is not already as you want it by design? If the users are not administrators they can create/delete THEIR OWN files, but they can ONLY read the files created there by other users. Isn't that enough?

The default NTFS permissions do just that. Create a folder as an administrator and check the security on it - notice that Users have Read & Execute, List Folder Contents, Read and Special Permissions - which as you can see in advanced means Create files / Write Data, Create Folders / Append Data.

From what you described I think this is what you wanted ;)

Vitas

Posted 2014-12-23T10:08:52.157

Reputation: 671