Team Share permission roles
Anchor version 2.7.0 introduced a new feature set: Team Share Permissions.
As part of this feature set, permission roles were introduced. A permission role controls the access rights of a subscriber within a Team Share.
The access rights of various permission roles are enforced based on a user’s local environment. This provides a better user experience, and allows an early notification to users attempting to perform a non-permitted action.
Windows Access Control List (ACL)
To enforce the access rights of a permission role in a Windows environment, Anchor uses a standard Windows Access Control List (ACL).
- Once configured, the Windows ACL makes sure that a user cannot perform non-permitted actions.
- The ACL also notifies a user if their permission role does not allow performance of an attempted action. For example, a user subscribed to a Team Share with the Viewer permission role cannot rename, delete, or edit the content of files and folders within that Team Share. The user would be notified that these actions are not included in their Viewer permission role.
To make sure that the access rights of all permission roles are honored by the ACL, Anchor's desktop client for Windows updates the ACL of all users and user groups configured for a Team Share’s folder.
Customized permission roles
If you have configured custom ACL permissions for files and folders in a Team Share, those permissions will be updated by Anchor's desktop client to align them with the user's assigned role.
Mapping Anchor permissions with Windows ACL permissions
Anchor permissions and Windows ACL permission are not an exact match.
The map below compares Anchor permissions with Windows ACL permissions:
Anchor |
Windows |
item-delete |
DELETE |
file-read |
FILE_READ_DATA | FILE_READ_EA | FILE_READ_ATTRIBUTES |
file-write |
FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA |
folder-list |
FILE_LIST_DIRECTORY |
folder-create |
FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY |
folder-delete |
FILE_DELETE_CHILD |
The Windows constants mentioned in this table are described here:
https://docs.microsoft.com/en-us/windows/desktop/fileio/file-access-rights-constants
NOTE: Learn about Anchor Team Share use cases, permissions descriptions, and how to assign Team Share roles here: Anchor Team Share Permission Roles
Comments
0 comments
Article is closed for comments.