Status of Axcient Services

Articles in this section

See more

Anchor Desktop Client 2.7.0.1366 for Windows and the Access Control List (ACL)

Avatar
Tami Sutcliffe
  • Updated
Follow

Team Share permission roles 

Anchor version 2.7.0 introduced a new feature set: Team Share Permissions.

As part of this feature set, permission roles were introduced. A permission role controls the access rights of a subscriber within a Team Share. 

The access rights of various permission roles are enforced based on a user’s local environment. This provides a better user experience, and allows an early notification to users attempting to perform a non-permitted action. 

Windows Access Control List (ACL)

To enforce the access rights of a permission role in a Windows environment, Anchor uses a standard Windows Access Control List (ACL).

  • Once configured, the Windows ACL makes sure that a user cannot perform non-permitted actions.
  • The ACL also notifies a user if their permission role does not allow performance of an attempted action. For example, a user subscribed to a Team Share with the Viewer permission role cannot rename, delete, or edit the content of files and folders within that Team Share. The  user would be notified that these actions are not included in their Viewer permission role.

To make sure that the access rights of all permission roles are honored by the ACL, Anchor's desktop client for Windows updates the ACL of all users and user groups configured for a Team Share’s folder.

Customized permission roles

If you have configured custom ACL permissions for files and folders in a Team Share, those permissions will be updated by Anchor's desktop client to align them with the user's assigned role.

Mapping Anchor permissions with Windows ACL permissions

Anchor permissions and Windows ACL permission are not an exact match. 

The map below compares Anchor permissions with Windows ACL permissions:

  Anchor

  Windows

  item-delete

  DELETE

  file-read

  FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES

  file-write

  FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA

  folder-list

  FILE_LIST_DIRECTORY

  folder-create

  FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY

  folder-delete

  FILE_DELETE_CHILD

The Windows constants mentioned in this table are described here:
https://docs.microsoft.com/en-us/windows/desktop/fileio/file-access-rights-constants

NOTE: Learn about Anchor Team Share use cases, permissions descriptions, and how to assign Team Share roles here: Anchor Team Share Permission Roles

 

Related articles

Comments

0 comments

Article is closed for comments.