1

Hello all,

Can someone help me with permissions

How can I grant access permissuon to 2 different users i.e A & B to a share with both of them able to create and manage their own files in the share, able to read the other’s file but not able to edit and save the other’s file

6 Spice ups
2

Create a folder for each user on the share where they have modify permissions on that folder. Then give the other user read only permission. For the shared folder itself, you give them both read/read and execute and List Folder Contents.

Folder-John
Permissions
John: Modify, Read, Read and Execute and List Folder Contents
Bob: Read, Read and Execute and List Folder Contents

Folder-Bob
Permissions
Bob: Modify, Read, Read and Execute and List Folder Contents
Johh: Read, Read and Execute and List Folder Contents

5 Spice ups
3

We may need more information as maybe as not to assume certain things ?

  • OS of the file server (Windows, Linux or appliance like NAS)
  • OS of the user machines and if they are in Domain
  • Share permissions vs NTFS permissions ?
  • Creation of 1 share folder with 2 subfolders (shown by @PatrickFarrell ) or only 1 share folder with no subfolders (a bit more complicated) ?
4 Spice ups
4
  1. Add the users to a group.
  2. Grant the group with “Read & Execute” and “Create files” NTFS permissions with “This folder” inheritance.
  3. Grant CREATOR OWNERS “Modify” permissions with “Files only” NTFS permission.
4 Spice ups
5

Thanks PatrickFarrell

Issue is I should not create subfolders in the share…I need to solve it without subfolders

3 Spice ups
6

Oh! yes…Its a workgroup model in a Win 11 environment. just 1 share without subfolders needed thats why its complicated for me. Share permission should be everyone full control then restrict with NTFS

3 Spice ups
7

What I’ve outlined does so without subfolders. I’d usually set the share permissions to “Change” for the group that I recommended instead of EVERYONE to prevent accessing file on the share after removed from the group in case change to a role that no longer requires access.

3 Spice ups
8

Hope the client machines are Win10 Pro or Win11 Pro ?
Then how about the file server ?

The issue is that you may have issues with NTFS as the usernames of both machine are different in workgroup so you cannot set NTFS permissions…
The user names are tied to the local machine host names…(hostname1 & hostname2 with userA & userB).
For example the user IDs are actually hostname1\userA and hostname2\userB

Unless you are using like a NAS that can create the NAS local accounts, then the 2 users (while using their local Windows ID as mentioned above) can login to the UNC shares (\NAS_IP\share) using the NAS_UserA & NAS_UserB ?

Maybe the alternative is to use MS Office password protection (xlsx, word, pptx etc) as to password protect their respective files on the share ?

3 Spice ups
9

Want to try it out now…will let u know outcome soon…thanks

3 Spice ups
10

I also wanna know as I think certain “features” may not be available in workgroup…

3 Spice ups
11

NTFS permissions can work in workgroup mode, but each account needs to have the same username & password combination on both computers or for the connecting computer to have the saved credentials saved matching the computer hosting the share.

The NTLM authentication protocol ignores the computer name in workgroup mode. Note that matching usernames with different password can cause lockouts.

4 Spice ups
12

Result from trying your idea

A & B can create and manage their files in the share

But restricted from reading each others files

3 Spice ups
13

This is an unusual setup, if permissions need to be restricted, folders would help - is there a reason you can’t use folders?

3 Spice ups
14

It’s a question in my project…been stuck on it for a while now

2 Spice ups
15

So this is a scenario, not an actual problem you are solving?

While we are happy to guide you on homework style questions, we wont give you direct answers, it’s better that you understand how so you can help troubleshoot in the future.

Do you have access to a lab/VM where you can try out the above suggestions?

FYI, you cannot stop someone reading files to a folder they have access to, you can stop them editing, but on a per file access, reading will be allowed.

This below is now changed

to

You need to clarify what the result should be.

they can read, always, but not write to each others, but you can’t stop them reading each others files, without subfolders.

3 Spice ups
16

I am actually testing everything out on a VM
Thanks

2 Spice ups
17

Great.

In that case, set the permissions how you think or as advised from above and if it doesn’t work, please share screenshots of how you’ve got things set and what is happening.

It’s easier if we can see.

2 Spice ups
18

Why does it feel like we’re helping someone with their homework…

2 Spice ups
19

Because you are.

3 Spice ups
20

Which is the VM ?? File server or client ? What OS ??