Inheritence

Jake Walker 1 Reputation point
2022-02-10T14:48:10.063+00:00

Hi everyone,

I was wondering if there is a way to grant someone access to a subfolder but not give them access to the parent folder or any other folder. For example;

I would like access to (R:) > House > Kitchen Designs
Kitchen Designs being the child folder

But deny access to the parent folder (House) and any other folder within the parent folder.

I know I could take the Kitchen Designs folder out of the parent folder which breaks the inheritance and can grant permissions on that folder on it's own, but I was wondering if there was any other way that wouldn't make it look messy.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,070 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Gary Reynolds 9,396 Reputation points
    2022-02-11T07:21:06.54+00:00

    Hi @Jake Walker

    If you assign permissions to the user on the sub folder, the user will be able to go to the folder without having to assign permissions to the parent folder. This works because the user right 'bypass traverse checking' see this page for more information.

    https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking

    If the user doesn't have list contents permissions on the parent folders, the user will need to specify the exact path, rather than navigating to the folder.

    Gary.

    0 comments No comments

  2. Limitless Technology 39,461 Reputation points
    2022-02-11T09:45:12.007+00:00

    Hello JakeWalker,

    Ideally with products like OneDrive you can perform a more granular share nowadays, but in your case, the easiest option is to assign Special Permissions required for Trasversal access to the folder, meaning that changing the level or path will require to verify again the permissions explicitly for the next path.

    Set the special permissions to R:\House\Kitchen Designs to "Traverse Folder / Execute File : Allow" Apply to: "This Folder Only"


    --If the reply is helpful, please Upvote and Accept as answer--