Granting Read Permission to Application Instead of Users

Hi,

At the place where I work, my boss wants me to make an Excel file available
to users so that it can be opened through this really small application that
basically just displays the contents of the file and allows you to search
through it. The catch is, he is very adamant that he does not want the users
to be able to copy the file.

Now, since I know that as soon as a user can read a file, he can also copy
it, I was wondering if it is at all possible to grant the read permission to
the application, and bypass the user altogether. The application has no Save
menu available.

Thanks for your thoughts

 

Hello Tom,

It is not the application that makes the connection in the network, the user
authenticates and get a security token which grants the kind of access.

So you can not prevent users form copying the file if they are able to read
it.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi,
>
> At the place where I work, my boss wants me to make an Excel file
> available to users so that it can be opened through this really small
> application that basically just displays the contents of the file and
> allows you to search through it. The catch is, he is very adamant that
> he does not want the users to be able to copy the file.
>
> Now, since I know that as soon as a user can read a file, he can also
> copy it, I was wondering if it is at all possible to grant the read
> permission to the application, and bypass the user altogether. The
> application has no Save menu available.
>
> Thanks for your thoughts
>

 

Guten Tag Meinolf,

I am a little divided on the issue you rose. I know of some applications
that use the user context to interact with security objects and others that
don't. I believe access can sometimes be granted/denied to certain
applications. When and how, I don't know...

Thanks

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6621ae18cb98bda2b6a641@msnews.microsoft.com...
> Hello Tom,
>
> It is not the application that makes the connection in the network, the
> user authenticates and get a security token which grants the kind of
> access.
>
> So you can not prevent users form copying the file if they are able to
> read it.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hi,
>>
>> At the place where I work, my boss wants me to make an Excel file
>> available to users so that it can be opened through this really small
>> application that basically just displays the contents of the file and
>> allows you to search through it. The catch is, he is very adamant that
>> he does not want the users to be able to copy the file.
>>
>> Now, since I know that as soon as a user can read a file, he can also
>> copy it, I was wondering if it is at all possible to grant the read
>> permission to the application, and bypass the user altogether. The
>> application has no Save menu available.
>>
>> Thanks for your thoughts
>>
>
>

 

You're thinking of token privileges still. It doesn't work that way,
unfortunately. What you're asking about is a digital rights management
problem, so you may want to look into DRM. The solutions won't be precisely
what your manager has asked for, but you can present the data in a container
designed to _inhibit_ copying. If users don't need to _modify_ the data,
that could be a workable solution.


"Tom Bombadil" <Genius_Poster@Yahoo.com> wrote in message
news:uIGz9TqyJHA.3968@TK2MSFTNGP06.phx.gbl...
> Guten Tag Meinolf,
>
> I am a little divided on the issue you rose. I know of some applications
> that use the user context to interact with security objects and others
> that don't. I believe access can sometimes be granted/denied to certain
> applications. When and how, I don't know...
>
> Thanks
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb6621ae18cb98bda2b6a641@msnews.microsoft.com...
>> Hello Tom,
>>
>> It is not the application that makes the connection in the network, the
>> user authenticates and get a security token which grants the kind of
>> access.
>>
>> So you can not prevent users form copying the file if they are able to
>> read it.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>> Hi,
>>>
>>> At the place where I work, my boss wants me to make an Excel file
>>> available to users so that it can be opened through this really small
>>> application that basically just displays the contents of the file and
>>> allows you to search through it. The catch is, he is very adamant that
>>> he does not want the users to be able to copy the file.
>>>
>>> Now, since I know that as soon as a user can read a file, he can also
>>> copy it, I was wondering if it is at all possible to grant the read
>>> permission to the application, and bypass the user altogether. The
>>> application has no Save menu available.
>>>
>>> Thanks for your thoughts
>>>
>>
>>
>

 

You could try granting the user read access to the file but not to the folder.
This will depend upon how to application works. Excel opens the folder and reads
it then opens the file and fails if read access is denied on the folder. Notepad
simply opens the file bypassing the folder. Thus it will work even if the folder
read access is denied. It all depends upon the Bypass Traverse Checking feature
and how the app works. You will need to test the app. Also the user may still be
able to copy the file but cannot browse for it. It therefore gets very difficult
for the user if hidden shares are used. Most admins would be able to copy the
file but most users would not.



On Fri, 1 May 2009 14:50:03 -0700, "Tom Bombadil" <Genius_Poster@Yahoo.com>
wrote:

>Guten Tag Meinolf,
>
>I am a little divided on the issue you rose. I know of some applications
>that use the user context to interact with security objects and others that
>don't. I believe access can sometimes be granted/denied to certain
>applications. When and how, I don't know...
>
>Thanks
>
>"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>news:ff16fb6621ae18cb98bda2b6a641@msnews.microsoft.com...
>> Hello Tom,
>>
>> It is not the application that makes the connection in the network, the
>> user authenticates and get a security token which grants the kind of
>> access.
>>
>> So you can not prevent users form copying the file if they are able to
>> read it.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>> Hi,
>>>
>>> At the place where I work, my boss wants me to make an Excel file
>>> available to users so that it can be opened through this really small
>>> application that basically just displays the contents of the file and
>>> allows you to search through it. The catch is, he is very adamant that
>>> he does not want the users to be able to copy the file.
>>>
>>> Now, since I know that as soon as a user can read a file, he can also
>>> copy it, I was wondering if it is at all possible to grant the read
>>> permission to the application, and bypass the user altogether. The
>>> application has no Save menu available.
>>>
>>> Thanks for your thoughts
>>>
>>
>>
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.

 

If you can modify the application, you could make it "impersonate" a
specific user account and limit access to the file to that specific user
account.

--
Bruce Sanderson
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"Tom Bombadil" <Genius_Poster@Yahoo.com> wrote in message
news:06ED989D-9CCB-4D8C-86EA-375223B16A18@microsoft.com...
> Hi,
>
> At the place where I work, my boss wants me to make an Excel file
> available to users so that it can be opened through this really small
> application that basically just displays the contents of the file and
> allows you to search through it. The catch is, he is very adamant that he
> does not want the users to be able to copy the file.
>
> Now, since I know that as soon as a user can read a file, he can also copy
> it, I was wondering if it is at all possible to grant the read permission
> to the application, and bypass the user altogether. The application has no
> Save menu available.
>
> Thanks for your thoughts