Inheritance

Jake Walker 1 Reputation point
2022-02-10T14:48:10.063+00:00

Hi everyone,

I was wondering if there is a way to grant someone access to a subfolder but not give them access to the parent folder or any other folder. For example:

I would like access to (R:) > House > Kitchen Designs
Kitchen Designs being the child folder

But deny access to the parent folder (House) and any other folder within the parent folder.

I know I could take the Kitchen Designs folder out of the parent folder, which breaks the inheritance, and grant permissions on that folder on its own, but I was wondering if there was any other way that wouldn't make it look messy.

Active Directory

2 answers

  1. Gary Reynolds 9,391 Reputation points
    2022-02-11T07:21:06.54+00:00

    Hi @Jake Walker

    If you assign permissions to the user on the sub folder, the user will be able to go to the folder without having to assign permissions to the parent folder. This works because of the user right 'bypass traverse checking'; see this page for more information.

    https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking

    If the user doesn't have list contents permissions on the parent folders, the user will need to specify the exact path, rather than navigating to the folder.

    Gary.


  2. Limitless Technology 39,351 Reputation points
    2022-02-11T09:45:12.007+00:00

    Hello JakeWalker,

    Ideally, with products like OneDrive you can perform a more granular share nowadays, but in your case, the easiest option is to assign the Special Permissions required for Traversal access to the folder, meaning that changing the level or path will require verifying the permissions again explicitly for the next path.

    Set the special permissions to R:\House\Kitchen Designs to "Traverse Folder / Execute File : Allow" Apply to: "This Folder Only"


    --If the reply is helpful, please Upvote and Accept as answer--
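
The grant discussed in the answers above, as an added PowerShell example that is not part of the original thread: it gives one account read access on the child folder only, then lists what that account holds on each ancestor folder and checks the 'bypass traverse checking' right. The account name `CONTOSO\jake.walker` is a hypothetical placeholder; the path is the one from the question.

```powershell
# Added example, not from the thread. $Principal is a hypothetical account name.
$Leaf      = 'R:\House\Kitchen Designs'   # child folder from the question
$Principal = 'CONTOSO\jake.walker'        # assumption: replace with the real account

# 1. Grant read access on the child folder, its subfolders and files.
#    Nothing is added to R:\House, so the parent stays closed to this account.
$acl  = Get-Acl -LiteralPath $Leaf
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $Principal,
    [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Leaf -AclObject $acl

# 2. Walk up the ancestors and report ACEs that name this account directly.
#    This does not resolve group membership: an ACE for a group the account
#    belongs to (for example Authenticated Users) still grants access and
#    has to be reviewed separately.
$dir = (Get-Item -LiteralPath $Leaf).Parent
while ($dir) {
    $hits = (Get-Acl -LiteralPath $dir.FullName).Access |
        Where-Object { $_.IdentityReference.Value -eq $Principal }
    [pscustomobject]@{
        Folder = $dir.FullName
        Rights = if ($hits) { $hits.FileSystemRights -join '; ' } else { 'no direct ACE' }
    }
    $dir = $dir.Parent
}

# 3. 'Bypass traverse checking' is the SeChangeNotifyPrivilege user right.
#    Run this in the user's own session to confirm the token holds it.
whoami /priv | Select-String 'SeChangeNotifyPrivilege'
```

With no list permission on `R:\House`, the user reaches the folder by typing or mapping the full path, as the first answer notes.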