Help - Permissions

Owners and delegated managers may add, remove and change permissions on any folder for anyone with an NSID. There are two mechanisms for permissions management.

The first is through IAM, using high-level groups. Owners and managers may add users to and remove users from the Read Only (RO) and Read Write (RW) IAM groups (iam.usask.ca). These groups apply to all files and folders in the share. For example, if you add a user to the RO group, that user will be able to read all files and folders (and won't be able to change any files or folders). A RW user will be able to view and edit any file or folder in the share. The Management Delegate can create and edit folders. When you log in to IAM, you will see your groups under the Group Resources tab. The group name will be something like ds_YourName_write_access. Click to edit and add names to the members

The second mechanism is operating system level permissions. This gives managers fine-grained control over who has access to view and edit particular files and folders. For example, if you want a user to have RO access to one particular folder and nothing else, you would add their NSID to the folder (see instructions below). CAUTION: Providing access through this process makes management of the file system difficult. Over time, managers may lose track of which users have access, and removing users after they leave your group becomes arduous. Minimizing fine-grained permissions will make management of users easier over the long run. Note: Changes to file and folder level permissions at the OS level are only available through a Windows machine. Linux and OSX users can log in to a Windows machine (or the Windows server provided) to change permissions.

See below for more details. 

IAM

To edit users in the groups, follow the instructions below.

Add/Remove or Edit a user in a group

  1. Log in to iam.usask.ca
  2. Select the Group Dashboard tab (Fig. 1).
  3. Select the group name (Fig. 2).
    1. Admin access provides users with all the rights of read and write, in addition to setting permissions at the OS level.
    2. Read access provides users with the ability to read files and folders. Users are unable to change permissions.
    3. Write access provides users with the ability to write to files and folders and to create files and folders. Users are unable to change permissions.
  4. To remove a user, select "Expire Now" (Fig. 2D).
  5. To add a user, select name (Fig. 2C).
    1. Enter NSID (Fig. 3A).
    2. Enter reason (Fig. 3B).
    3. Select "Process The List" (Fig. 3C).
    4. In the dialog, select "Process The List".

[Fig. 1 to Fig. 4: IAM screenshots]

IAM Groups Explained

ds_YourName_admin_access

    • Has the ability to read/write to the file system (create, edit, change files and folders)
    • Can change permissions on the file system (at OS level)
    • Can change group members in IAM of the 3 default groups that are created
    • Has access to connect to the share to traverse (navigate) into the file system

 

ds_YourName_write_access

    • Has the ability to read/write to the file system (create, edit, change files and folders)
    • Has access to connect to the share to traverse (navigate) into the file system

 

ds_YourName_read_access

    • Has the ability to read the file system (files and folders)
    • Has access to connect to the share to traverse (navigate) into the file system

Windows

To add a user, follow the instructions below.

  1. Add the user to the DS_YourName_read_access group in IAM (see IAM instructions). This gives the user the ability to navigate to the folder.
  2. Select the desired folder (Fig. 1A).
  3. Right-click and select "Properties" (Fig. 1B).
  4. In the dialog that appears, select the "Security" tab (Fig. 1C).
  5. Click "Edit" (Fig. 1D).
  6. In the dialog that appears, enter the NSID of the user you want to grant permissions to (Fig. 1E), then select "Check Name" (Fig. 1F).
  7. If it checks out, click "OK" (Fig. 1G).
  8. In the dialog (Fig. 3), ensure that the new user is highlighted (Fig. 3A) and select the desired permissions (Fig. 3B).
  9. Click "OK" (Fig. 3C).

To edit permissions, follow the instructions below:

  1. Go to the dialog as it appears in Fig. 3A below.
  2. Select the desired user (Fig. 3B).
  3. Edit permissions as needed.
  4. Click "OK".

To remove a user, follow the instructions below:

  1. Go to the dialog as it appears in Fig. 2 below.
  2. Select the desired user.
  3. Click "Remove" (Fig. 2A).
  4. Click "OK".

[Fig. 1 to Fig. 3: Windows Permissions screenshots]

Permission Levels

  1. Full Control: read, write, modify, execute, change attributes, permissions, and take ownership of the file.
  2. Modify: read, write, modify, execute, and change the file’s attributes.
  3. Read & Execute: display the file’s data, attributes, owner, and permissions, and run a program.
  4. Read: open the file, view its attributes, owner, and permissions.
  5. Write: write data to the file, append to the file, and read or change its attributes.
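
To keep track of the folder-level grants that the caution about OS-level permissions refers to, the following PowerShell script, run from a Windows machine, lists every permission entry set directly on a folder rather than inherited. It is an added example, not a script provided by ICT; the share path, the YourName value and the list of built-in identities to skip are assumptions.

```powershell
# Added example: report explicit (non-inherited) folder permissions on a share.
# $SharePath and $OwnerName are placeholders (assumptions); substitute your own.
param(
    [string]$SharePath = '\\server.example\YourShare',  # hypothetical UNC path
    [string]$OwnerName = 'YourName'                      # name part of ds_<name>_*_access
)

# The three default IAM groups described on this page.
$iamGroups = 'admin_access', 'write_access', 'read_access' |
    ForEach-Object { "ds_${OwnerName}_$_" }

# Built-in identities that are not individual user grants (assumed list).
$builtin = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'

function Get-ExplicitGrant {
    param([string]$Root)
    # Include the root folder itself, then every sub-folder.
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        try { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }
        foreach ($ace in $acl.Access) {
            if ($ace.IsInherited) { continue }   # keep only entries set on this folder
            $id = $ace.IdentityReference.Value
            if ($builtin -contains $id) { continue }
            # Strip any DOMAIN\ prefix before comparing with the IAM group names.
            $short = ($id -split '\\')[-1]
            [pscustomobject]@{
                Folder   = $folder.FullName
                Identity = $id
                Rights   = $ace.FileSystemRights
                Type     = $ace.AccessControlType
                IamGroup = $iamGroups -contains $short
            }
        }
    }
}

# Individually granted entries (IamGroup = False) sort to the top.
Get-ExplicitGrant -Root $SharePath |
    Sort-Object IamGroup, Identity, Folder |
    Format-Table -AutoSize -Wrap
```

Rows where IamGroup is False are entries granted to an individual NSID or another group at the folder level; review them whenever someone leaves your group.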

OSX

This service is not available for OSX. Log in to the Windows machine to change permissions using the Windows instructions above.

For your convenience, ICT has provided a Windows server to change permissions. Log in to restore.usask.ca through an RDP client. More here: https://www.usask.ca/ict/services/network-services/remote-desktop/configure-computer-mac.php

Linux

This service is not available for Linux. Log in to the Windows machine to change permissions using the Windows instructions above.

For your convenience, ICT has provided a Windows server for Linux users to change permissions. Log in to restore.usask.ca through an RDP client.
Linux users can try RealVNC or a similar RDP client.

Caution

Permissions offer users the ability to share files with collaborators; however, a few things should be noted.

The group-based permission enabled by IAM is limited in its ability to provide fine-grained access. If, for example, you want user A to be limited to viewing just one of many folders, this approach will not work.
