company location

Get In Touch

Why not visit us on Facebook? We only post about useful things like new releases, and unlike some others we promise we won't spam you with messages!

 MLtek Limited on Facebook

 

 

FAQs - Read Only Archives

Home | Pricing | Download | Documentation | Release Notes | Customers

Overview: 

Several customers have recently asked us what the best way of creating a read only archive is, one that allows users to open and read archived files but which prevents users from modifying those archived files thus forcing the creation of a new file if changes are needed. They essentially wanted to implement a form of versioning for their archived files.

This is actually really easy to do through the use of share permissions. It's worth stressing that we aren't referring to NTFS permissions here, we are looking at the actual permissions in place on the network shares.

You can view the permissions in place on a share by right clicking on a folder that has been shared out as a network share, clicking on 'Properties', going to the 'Sharing' tab, clicking on 'Advanced Sharing' and then clicking on 'Permissions'. Here you will find a list of the permissions for the share.

The effective permissions any one specific user has to a share and its contents are defined through a combination of the share permissions and NTFS permissions, essentially the most restrictive wins. Lets imagine we have a user called 'Phil' and he is a member of the 'Domain Users' group which is listed in the share permissions of a share as 'Read' and the NTFS permissions as 'Modify'. Phil will only have 'Read' permissions to the share in question as he is restricted by the 'Domain Users' = Read entry.

It's by taking advantage of this 'most restrictive wins' behavior that we can make an archive and all of it's contents read only.

Typically we would recommend setting the share permissions to the following to make an archive share read only for normal users:

Administrators = Modify

Domain Users = Read

ArchiverFS Service Account = Modify

This combination will prevent users from changing archived files whilst still allowing ArchiverFS the access it needs to work. If a user wants to modify an archived file then they will need to open it and save any changes as a copy of the file in the live file system.