Modify rights to single file in a directory with only list permiss

We have a situation in which a user is only permitted to read and modify a
single file in a directory on a Win2K server. Mgt doesn't want them to see
any of the other files in that directory. I granted the user list
permissions to the folder and full rights to the file in question, but when
she tries to save she gets the message "The save failed due to out of memory
or disk space. <path\file>"
I granted write permissions to the folder and it still fails. Only granting
modify (and the associated "read") allow her to save. Shouldn't the
aforementioned method work without granting these extra rights to the folder?
Thanx!

 

The problem is not with what you have set for permissions, but with
how the application the person uses is handling things.
If you define a folder X and grant AcctsA List on the folder,
and have a file X\file.ext and it has a grant of Modify for AcctsA,
then for example, one of the AcctsA can open file.ext in notepad,
change it, and save it. No problem.
By comparison, Word would want to open a temp file in the same
directory and upon save rename this.
You could provide for that by a grant to AcctsA and another of at
least Modify to Creator Owner, but then they would be able to
save other files into the directory (and hence have access to more
than just the one file.
In short, this illustrates that it is more direct to isolate files needing
different permissions into separate folders.

 

You hit the nail on the head. It is indeed Word. But even though I went
into Advanced rights on the folder and granted "Create Files/Write Data" and
"Take Ownership" for the user it still fails. I don't see where you can add
"Modify to Creator Owner" though.

 

You could provide for that by a grant to AcctsA and another of at

IOW you would need to add two grants.
Follow the model used in XP for directors below root of a partition
1. a grant to Creator Owner
I suggested Modify, which is set on the generic NTFS dialog, not
in the Advanced view. As soon as it is applied it "disappears" in
the generic view (well, it changes to Special) because it is automatically
changed to an Applies to Subfolders and Files only
2. a grant to AcctA (or whatever your custom group) that allows them
to create (and then the first grant takes over giving them the rest on
what they create)
For your use, this grant only needs to be a special (i.e. use Advanced)
granting "Create files / write data" Now if you look elsewhere you
will see "Create folders / append data"