This topic is intended for system administrators.
The following example explains how to implement access rights to company notes on the Windows server where you store your databases.
On the server, create a folder called, for example, CompanyNotesShare.
This folder will contain the folder for your company notes.
Inside the CompanyNotesShare folder, create a folder called, for example, CompanyNotesFolder.
This folder will contain your company notes.
You must create two new user groups in order to control the access that users have to your company notes.
Create two user groups called NoteReader and NoteWriter.
Make the relevant users members of these two groups.
Select the folder CompanyNotesShare.
Share the folder as CompanyNotesShare.
Set the permissions for sharing as follows:
NoteReader: Read
NoteWriter: Change, Read
Remove any groups other than the ones mentioned above.
Right-click the folder CompanyNotesFolder and open the Properties window.
Click the Security tab and add the group NoteReader.
Select the following access rights:
Read
List Folder Contents
These permissions apply to both the folder and the files.
There are two kinds of access rights for writers:
Liberal access rights: writers can edit and delete each other's notes.
Strict access rights: writers can only edit and delete their own notes.
Right-click the folder CompanyNotesFolder and open the Properties window.
Click the Security tab and then click Advanced and the Advanced Security Settings window opens.
Select the group NoteWriter, click Edit and the Permissions Entry window opens.
In the Apply onto field select "This folder only" and grant these access rights only:
Traverse Folder / Execute File
List Folder / Read Data
Create Files / Write Data
Click OK.
In the Advanced Security Settings window add the group NoteWriter again.
Click Edit and the Permissions Entry window opens.
In the Apply onto field select "Files only."
Grant these access rights only:
Traverse Folder / Execute File
List Folder / Read Data
Read Attributes
Read Extended Attributes
Create Files / Write Data
Create Folders / Append Data
Write Attributes
Write Extended Attributes
Delete
Read Permissions
The only tasks NoteWriters cannot do are:
Delete Subfolders and Files
Change Permissions
Take Ownership
You have now granted liberal access rights to the NoteWriter group.
The key to this configuration is that every writer can write to the folder, but they cannot write in the files in the folder. However, since the creator of a specific file also gets "creator owner" rights for that file, the creator can edit and delete that file by virtue of these "creator owner" rights.
Right-click the folder CompanyNotesFolder and open the Properties window.
Click the Security tab and then click Advanced and the Advanced Security Settings window opens.
Select the group NoteWriter, click Edit and the Permissions Entry window opens.
In the Apply onto field select "This folder only" and grant these access rights only:
Traverse Folder / Execute File
List Folder / Read Data
Create Files / Write Data
Click OK.
In the Advanced Security Settings window add the group NoteWriter again.
Click Edit and the Permissions Entry window opens.
In the Apply onto field select "Files only."
Grant the following access rights only:
List Folder / Read Data
Read Attributes
Read Extended Attributes
Read Permissions
Click OK.
In the Advanced Security Settings window add the group CREATOR OWNER.
Click Edit and the Permissions Entry window opens.
In the Apply onto field select "Files only."
Grant the following access rights only:
Create Files / Write Data
Create Folders / Append Data
Write Attributes
Write Extended Attributes
Delete
You have now granted strict access rights to the NoteWriter group.