Powered by ZigaForm version

recommended mapping of the old NTFS rights to the new target permissions in the table mode

The first task in the work and design process via the table mode is the re-mapping of the previous "old and grown" authorizations to the new authorizations by default. This makes sense in order to convert the many different "individual" rights into a standard.

All individual rights are broken down by type and propagation and must now be assigned to the standard rights. Not only the rights themselves play a role, but also the type of rights (like refuse) and the propagation (the application to this folder, subfolders and files). These rights can be converted into standard rights in the mapping table.

1. The standard rights at migRaven

Right Type Propagation (Apply to)

Read and Execute   Allow this folder, subfolders, files
Write              Allow this folder, subfolders, files
Modify             Allow this folder, subfolders, files
Modify Plus *       Allow this folder, subfolders, files (more about ModifyPlus)

Full Control       Allow this folder, subfolders, files

2. Different rights

The mapping table displays the rights that differ from the default rights that were found in the scanned share.

Different rights are indicated by

  • a different composition of extended permissions
  • by another guy, Deny
  • through another propagation (apply to)

Other parameters, such as Synchronize and "Apply permissions only for objects and / or containers in this container" are not considered here.


3. Rights mapping

The deviating rights are displayed in the mapping table and you have the option of assigning each of these deviating rights by a standard right of migRaven to replace. You can also ignore a right, then it will not transfer.
However, standard rights will also be displayed if we recommend that you modify this right.

The columns of the mapping table:

3.1. Law

This displays the name of the Microsoft-authorized privilege, or if it does not, the extended privilege components.

3.2. ID

For each of these rights, there is an ID that uniquely identifies each right in programming. To be found on the Web under FileSystemRights.
Some IDs are:

1048854 WRITE with Synchronize 1179785 READ with Synchronize 1179817 READ AND EXECUTE with Synchronize 1180063 READ AND WRITE with Synchronize 1180095 Read And Execute, Write with Synchronize 1180159 ModifyPlus * 1245631 MODIFY with Synchronize 131209 READ 131241 READ AND EXECUTE 131487 READ AND WRITE 131519 Read And Execute, Write 197055 MODIFY 2032127 FullControl 278 WRITE

(Synchronize controls the wait function on the file handle for asynchronous reads and writes.)

3.3. Type

Possible types are Allow and Deny.

3.4. propagation

The propagation is the application to this folder, subfolders and files and the compilation variants of these three goals.

3.5. Rights mapping

Here you must replace the existing right with a standard right. In individual cases there migRaven a recommendation. With "Ignore" you can omit the right. It is then left out everywhere it occurs. The following entries are available:

  Ignore Read and Execute Write Modify Modify Plus * Full Control

3.6. recommendation

  1. Ignore full access: this right should be set to root and inherited. Exception: There are authorized accounts with full access, which should in future only get Modify or Modify Plus. In this case, in the step "table filling" the real Admin accounts can be excluded. Please map in these cases the full right to Modify Plus or Modify.
  2. Take into account, in particular, rights contained in the propagation "files". If files are not included, then it's usually a bug or a list right. Gerde latter is through migRaven fully automatically generated again.
  3. If you have Deny permissions, they should be excluded. It would be useful in cases either to break the inheritance or to move directories with limited privileges to higher levels. This transformation can be done fully automatically in the redesign project via the following table, with the possibility to define different paths.

3.7. Save rights mapping

If you have replaced all rights with standard rights, possibly also with "Ignore", you can save the table. For the next project, your substitutions will be preset in the "Rights Mapping" column. Only deleting your database will cause these settings to be lost.
After saving jumps migRaven get on the Tables mode.

-------------------------------------------------- -------------

*Modify Plus is equivalent to the Modify right, but the extended Delete permission has been replaced by the "Delete subfolders and files" option. As a result, the authorized user or the authorized group can not delete, not move, and not rename this folder on which he or she explicitly receives the right.

Permanent link to this post: https://help.migraven.com/rechte-mapping-6/