I need some suggestions to reorganize the permissions of folders settings in my organization.
Here is our scenario:
We currently have one domain, 50 file servers distribuited through branches, and a NetApp with a DFS which contains files for more 70 branches.
The locations which does not have its own File Server, has a file with the location name in the DFS.
The security groups names and permissions are pretty messed up today, so I need to recreate them from scratch.
We use only one Shared Folder, which is named 'Corporate', that is mapped via Logon Script and Everyone have 'Change' access. This Shared Folder will map the file server where the user is located, or the DFS (Later I will put every distributed file server in the DFS).
I think of creating three levels of folders that will have access permissions, the folder with the name of the location will not count.
So it goes like this:
Management (1º level), Coordenation (2º Level), Folders of the Department (3º level).
And here is the question:
Many times we are requested to grant an access to a user to the folder of the third level. The user can only access this particular folder of the third level, and no other.
Imagine that we have folders like:
HR > Employee Informations > Payments
HR > Employee Informations > Address
If I need to grant access only to the 'Address' folder, how I will arrange the security groups in a way where he can navigate through the folders until get there? He can not access the 'Payments' folder or any other folder in the 'HR'.
I don't know if there's a different or better way to do this without releasing the 'Address' security group on the folders above, with access only to 'list folders'.
I think by doing this, the main folders will have hundreds of security groups and will become a little hard to manage.
I appreciate any sugestion or information regarding the scenario of yours.
Att, Paulo Rocha