Topics Map > Storage > uFiles
uFiles: Suggested Organization of Folders for IT Professionals
Suggestion of how to organize folders so as to simplify time needed to maintain uFiles
The suggestion below is meant to provide a simple, reliable mechanism for IT Professionals to correctly limit access to uFiles. Granting a new user access is as simple as adding that user to a groups, and will not require the IT Professional to make any Access Control List changes to folders or files.
For each major College, School, or organizational unit, a share will be created:
Note that XYZ in the above example is the three or four letter unique designation for a group on campus as determined in the AD Naming Conventions document maintained by the IAM group. Contact the IAM group for group naming conventions.
For each share, two organizational groups will be created:
The XYZ-uFiles-Users group contains all the individuals and Active Directory groups that will have permission to change files.
uFiles understands and supports Access Based Enumeration. This feature means that users see only files and folders that they have been granted access to see.
People at the top of the chart can typically see everything. People at the bottom can only see their terminal end of the branch.
Example Group Structure
Each group above is a member of the group above it. Each group above is granted change permission to the directory branch below corresponding to the group name, but there is no inheritance of permissions at this level.
Here is an example file structure for the above Group structure:
Thus in order to grant access to the Team1 folder above, you only have to add a user to the XYZ-Division2-Group1-Team1 group in Active Directory.
Access Control Lists can often be problematic to fix or especially edit. For unusual circumstances, it is suggested that you use "cacls" from the command line to edit folder permissions because it allows the user of the /E switch to edit an existing ACL instead of replacing it.