Folder management and security settings

datchcha

From a managing stand point and best practice – is it easy to have a folder which has subfolder that correspond to departments, which each folder has their own security permission settings

Or

At the root level, each department has their own folder with the sharing enabled with their own security permissions

Thank you.

Mishra

Its better to have a root folder so that you can apply inherited permissions to. For example:

If you did c:\HR, c:\business, C:\IT then in order to let everyone from the management group see files in these 3 directories then you would have to put permissions on C:\ which gives them permissions to everything on the c drive.

Its better to have c:\departments\business c:\departments\HR etc so you can apply permissions at the department level.

Most of the time its better to branch out your directories than trying to keep it simple because it gives you more options. But just don't try to go 10 levels deep or anything.

sprkymrk

I prefer that each department have it's own folder at the root level. Otherwise you are constantly going into advanced permissions to uncheck inherit permissions, etc. Then if you make a mistake once you either lock out people who should have access or grant access to those who shouldn't.

One way I did that I liked was to create a root level folder for each department, and under that create a Public and Private folder. Stuff in the Public folder was "read" access for all users and "Modify" access for members of that department, while stuff in the "Private" folder was restricted to that department only. This way someone from HR could save and modify things in the HR\Public folder if he wanted the Management or Finance folks to see it, but if it was for HR eyes only it went into HR\Private. Likewise the other groups.

datchcha

I like both of your ways, and I think i will try to combine both methods...thank you both

Mishra wrote:

Its better to have a root folder so that you can apply inherited permissions to. For example:

If you did c:\HR, c:\business, C:\IT then in order to let everyone from the management group see files in these 3 directories then you would have to put permissions on C:\ which gives them permissions to everything on the c drive.

Its better to have c:\departments\business c:\departments\HR etc so you can apply permissions at the department level.

Most of the time its better to branch out your directories than trying to keep it simple because it gives you more options. But just don't try to go 10 levels deep or anything.

sprkymrk wrote:

prefer that each department have it's own folder at the root level. Otherwise you are constantly going into advanced permissions to uncheck inherit permissions, etc. Then if you make a mistake once you either lock out people who should have access or grant access to those who shouldn't.

One way I did that I liked was to create a root level folder for each department, and under that create a Public and Private folder. Stuff in the Public folder was "read" access for all users and "Modify" access for members of that department, while stuff in the "Private" folder was restricted to that department only. This way someone from HR could save and modify things in the HR\Public folder if he wanted the Management or Finance folks to see it, but if it was for HR eyes only it went into HR\Private. Likewise the other groups..