<< Click to view the table of contents >> Navigation: Commands > Rules > Data folder |
The Data Folder rule can be associated with any string-type attribute, but its use is intended for attributes used for folders in a file server, e.g., homeDirectory.
If the value of the attribute is a valid path to a local network (UNC) folder that can be accessed and modified by a user member of the Domain Admins group or by a delegated user, at storage time the rule creates the folder and creates or updates its access permissions according to the options set; it is also possible to create a first level of subfolders within the target folder.
After the folder has been stored on the disk, if the attribute value is changed by changing the folder path and you store again, the folder on the disk is moved to the new path. When storing, it is possible to choose whether to update only the security descriptors while keeping the data contained in the folder or to delete all the data and rebuild a new folder.
Access permissions
If you choose the option Using the default folder permissions the access permissions inherited from the top-level folders will be used.
If you choose the option Assign the following folder permissions you can customize access rights for the following groups
•Administrators: the "Domain Admins" group is always set to full control.
•Managers: Present only in user type projects is the Extra_Managers attribute that is designed to contain groups that can have access to user data folders.
•Managed by: only in group type projects, is the Active Directory managedBy attribute that can contain a user or group that can have access to the data folder.
•User: only in user type projects, is the target user represented by the record in the main grid.
•Group: only in group type projects, it is the target group represented by the record in the main grid.
Folder permission levels are: Read, Read and Execute, Edit, Full Control.
If you mark the Protect containers from modify or accidental deletion option, additional restrictions are added that prevent deletion of the entire data folder or any of the subfolders preset during configuration. These restrictions are not applied to administrators.
Options for the User type project |
Options for the Group type project |
See also: Rules - Store in Active Directory