I have master data that has some sensitive information and would like to limit user access to. The data is used to for automated report generations in excel to pull non-sensitive fields, so I would like most users to have read permission. Is it possible to give read permission to users but then not give them permission to see the actual workbook in the file directory.
I have done a bit of research and I am thinking the solution would be in providing ‘Traverse folder/read data’ permission in Window’s Advanced Permissions for the folder/file. Unfortunately, I don’t have administrative rights and would like to present something solid to IT (they are very slow at getting things done).
Any insights into this would be amazing.
I am thinking the solution would be in providing ‘Traverse folder/read data’ permission in Window’s Advanced Permissions for the folder/file.
Yes, as long as you don’t grant “List” on the folder, the file can be accessed but not seen.
You don’t actually need to provide the Traverse permission explicitly (Windows 2000 started automatically granting it to everyone).
However, keep in mind that users will still be able to discover the file’s location in other ways (e.g. Excel’s error messages) – and as soon as they do that, your security will be gone. NTFS permissions are not a good way to hide sensitive data in the same file as public data; to do this property you really need two separate files.
Unfortunately, I don’t have administrative rights
Normally the owner (creator) of a directory can always change its permissions without needing administrative rights.