This article contains instructions to determine who has access to a folder on a shared fileserver, which is known as setting the permissions on the folder. This allows you to create folders that are shared between departments, drop folders for class assignments, and folders to share with TAs, among other things.
Make sure to create the folder in the proper spot. Folders that are shared between departments should be created under the Shared folder on bsp-nas for that department and folders that students need access to should be under the Public folder for that department on bsp-nas. For more information, please see the following article: bsp-nas department folder permissions.
1. Right click on the folder you would like to adjust the permissions of and select Properties.
2. Select the Security tab. The top half of the window that appears is a list of users who have access to this folder. When you select a user from this list, the check boxes in the bottom half of the window reflect what type of access they have to this folder.
3. Initially, the folder is accessible to everyone that has access to the containing (parent) folder, but we want to set the permissions on this folder differently. Select the Advanced button to open the Advanced window.
4. Once the Advanced dialog box has opened, select Change Permissions.
5. Un-check the check box marked Include inheritable permissions from this object's parent. Do not modify anything else in this window.
6. A window will appear with a warning about inheritable parent permissions. Click the Add button.
Now we need to determine which people actually have access to this folder. In this process, you (or a group that you are a member of) must be listed as having full control of this folder at all times.
Note: If you are not listed as having full control of this folder, you will not be able to access or modify it any longer, effectively locking yourself out of your own folder.
7. Once back in the Advanced Security Settings dialog box, select Add to add groups or users that can have access to this folder.
8. Enter all groups or users that need access to this folder, separated by semicolons.
- Groups are departments and offices (e.g. the Business Office, the Spanish Department, or the Admissions Office) Enter the first few letters of the department or office name if you don't know the exact group name and later on you will be able to select the group that you want.
- Users are individual Bethel students, faculty, and staff members. Enter a username only when a single person needs access to this folder (e.g. a TA or office assistant). Most of the time, you will be allowing and removing access for entire groups, not individual users.
9. Click Check Names to determine if the name is valid or not.
- If there is more than one user or group that matches the name that you entered, you will be prompted to select the one that you meant (e.g. If you entered "bus," you would be able to select from the Business Department, the Business Department TAs, and the Business Office, among other things.)
- If one of the names is misspelled (there are no users or groups that match it), you will be prompted to correct it or to remove it from the list.
10. Click OK. A screen, Permission Entry for Windows 7 File Server Permissions will open. Here you will determine what type of access each should have by selecting the appropriate check boxes in the permissions list that appears. In virtually no circumstance should you check Deny access. Since only the users listed in the user list have access to this folder, it will eliminate confusion to remove them from the user list than to Deny access for them. Some common ways to set the permissions are:
|Permission||Meaning for Folders||Meaning for Files|
|Read||Permits viewing and listing of files and sub-folders||Permits viewing or accessing of the file's contents|
|List Folder Contents||Permits viewing and listing of files and sub-folders as well as executing of files; inherited by folders only||N/A|
|Modify||Permits reading and writing of files and sub-folders; allows deletion of the folder||Permits reading and writing of the file; allows deletion of the file|
|Write||Permits adding of files and sub-folders||Permits writing to a file|
|Full Control||Permits reading, writing, changing, and deleting of files and sub-folders||permits reading, writing, changing and deleting of the file|
|Read & Execute||Permits viewing and listing of files and sub-folders as well as executing of files; inherited by files and folders||Permits viewing and accessing of the file's contents as well as executing of the file|
- The group Administrators and your username or the group that you are a member of should always have Allow in the Full Access row checked. This is so you don't lock yourself out of the folder.
- If you remove your username and all groups that you are a member of from the user list, you will not be able to access the folder.
- If you Deny access to the group that you are in, you will not be able to access the folder, even if you are also listed individually on the user list.
- If you Deny access for the group Everyone, no one will be able to access the folder, even if they are listed separately in the user list.
You usually do not need to Deny access to anyone. Since only the users listed in the user list have access to this folder, it is better practice to remove them from the user list than to Deny access for them.
13. Select OK to save these permissions settings on this folder.