Running since before spring 2015.
See also
- http://www.physics.cornell.edu/professorspeople/administrative-staff/
- Effective use of Physics file storage server (history)
Ask PhysIT!
- The actual permissions is governed using Cornell Active Directory and file share permissions which PhysIT manage for Physics staff.
- The below information is thus likely dated but forms a framework for a largely static administrative need and thus can be a useful reference.
Shared folders
Synonyms: Folders == directories.
Conventions used among staff will limit actions not necessarily enforced by the permissions.
Objective: Reduce complexity to reduce mistakes and facilitate debugging, balanced with ensuring security and adequate access.
Graphic: Who can access specific folders
Matrix: Who can access specific folders
| Folders: | |||||||
Staff Person: | Office | Instruction | Grad | Chair support | Business | Tech | Testing Center |
| Sue | X | X | |||||
| Brad | X | X | |||||
| Rosemary | X | X | |||||
| Kacey | X | X | X | ||||
| Deb | X | X | X | X | X | ||
| Nancy | X | X | |||||
| Craig | X | X | X | X | X | ||
| Tech Staff | X | ||||||
Testing Center Staff | X | ||||||
| Chair | X |
Implementing the above summaries:
Groups
| Primary Dept Group | Secondary group | Sub-group name | NetIDs | Members | Sorting |
|---|---|---|---|---|---|
All Physics Staff AS-PHY-Staff | Physics Office Staff AS-PHY-OfficeStaff | Management AS-PHY-Management | cww67 dah6 | Craig Wiggers Deb Hatfield | 1 |
| AS-PHY-Staff | AS-PHY-OfficeStaff | Business AS-PHY-Business | nbs4 | Nancy Searles | 2 |
| AS-PHY-Staff | AS-PHY-OfficeStaff | Grad AS-PHY-Grad | klb79 | Kacey Acquilano | 3 |
| AS-PHY-Staff | AS-PHY-OfficeStaff | Instruction AS-PHY-Instruction | rjf2 sfc1 | Rosemary Barber Sue Sullivan Danyel W | 4 |
| AS-PHY-ChariFiles | Chairs Office | Eanna | |||
| AS-PHY-Tech | Tech | Jenny, Mark, Nick, Vince | |||
| AS-PHY-TestCtrStaff | Testing Center | Alan, Kathleen, Nick T. |
Possible future groups:
| Primary Dept Group | Secondary group | Sub-group name | NetIDs | Members | Sorting |
|---|---|---|---|---|---|
| AS-PHY-Staff | Technical AS-PHY-Technical | jew16 ml622 ns53 vwk1 | Jenny Wurster Mark Lory-Moran Nick Szabo Vince Kotmel | 1 | |
| AS-PHY-Lecturers | Lecturers | Use at all? | 2 |
Folders, sub-folders, and their custodian
| Folder name | Within folder | Primary folder owner (NetID) | Notes | Sort |
|---|---|---|---|---|
Undergrad and events | Instruction | Sue Sullivan (sfc1) | Access by all office staff To contain, from John's originally proposed folder names, "Colloquia/events" and "Gen. Information". | 1 |
Duplicating | Instruction | Brad Rayle (bgr33, temp) | Access by all office staff | 2 |
Courses | Instruction | Rosemary Barber (rjf2) | Access by all office staff John's originally proposed folder name was "Course mgmt". | 3 |
Office | (top level) | Sue Sullivan (sfc1) | Access by all office staff Just office staff. Thus, not for Nor for all Physics staff (including Tech). This was not one of John's originally proposed folders. PhysIT's proposed folder name was "Department". | 4 |
Grad | (top level) | Kacey Acquilano (klb79) | 5 | |
HR and Staffing | Business | Deb Hatfield (dah6) | originally proposed folder name was "HR/Staffing". | 6 |
Budget and Finance | Business | Nancy Searles (nbs4), Craig Wiggers (cww67) | originally proposed folder name was "Budget/Finance". | 7 |
Chair support | (top level) | Deb Hatfield (dah6) | originally proposed folder name was "Chair". To contain, from John's originally proposed folder names, "Faculty", which he had noted that Kacey needed occasional access. | 8 |
Possible future folders and their custodian
| Folder name | Within folder (if any) | Primary folder owner (NetID) | Notes | Sort |
|---|---|---|---|---|
Tech | Mark Lory-Moran (ml622)? | Add if it represents any value to Vince, Mark, and/or Jenny. | 1 | |
| Instruct | Who? | Must first present idea to instructors. Add if it represents any value to them. | 2 |
Folders hierarchy and permissions
Physics Dept Group's Share | Top Level Folder (Permissions here) | 2nd Level Folders | Folder Access | Notes | Sort |
|---|---|---|---|---|---|
| \\files.cornell.edu\as\PHY\Admin | Instruction => AS-PHY-OfficeStaff | Undergrad and events Duplicating Courses | All office staff | 1 | |
Office AS-PHY-OfficeStaff | | All office staff | Not all staff | 2 | |
Grad AS-PHY-Grad AS-PHY-Management | | Grad, and Management | 3 | ||
| Business => AS-PHY-Business AS-PHY-Management | HR and Staffing Budget and Finance | Business, and Management | 4 | ||
| Chair support AS-PHY-Management | | Management | 5 |
Possible future folders hierarchy and permissions
Physics Dept Group's Share | Top Level Folder (Permissions here) | 2nd Level Folder | Folder Access | Notes | Sort |
|---|---|---|---|---|---|
| \\files.cornell.edu\as\PHY\Admin | Tech AS-PHY-Tech | Technical, and Management | Placeholder: Any value to them? | 1 | |
Instruct AS-PHY-Instruct | Lecturers, and Management | Create at all? | 2 |
SysAdmin Note:
- Permissions on shared dept folders will be applied only by groups, not ID's (Due in part to the complexity of tracking /adding / removing individual permissions applied to folders, as well as possible file inheritance & permissions settings.)
- Individual ID permissions should only be granted to folders in "Users" folder trees, if used. (Scripting / variables may be preferred)
- Groups should have a functional name (please) "Business office", "Instruction", etc.
- All Phy dept sub-groups will be put in a primary Physics Admin / dept group - which is used to apply policies, map drives, apply networked printer queues, allow access to the share, etc.
- A special
- All staff must be in at least one sub-group, and preferably only one - even if the group only contains one person. (To allow access to share, policy’s, etc.)
- Folders which everyone can access do not need finer grained permissions. (Use primary group @ root only)
- Groups may either be nested (HR in Business Office), or multiple groups may be given permission to a folder (Safety, Facilities), as appropriate.
- Where group nesting/ combining is not sufficient, a user may be placed in more than one group.
- Caution is advised with any nesting or combined group access, unintended future rights may result.
- It is desirable to use these same groups for all services, such as Group Policies, FileMaker, Printing, File Sharing, etc.
- Policies can only be applied to accounts which are in the AD Tree cornell.edu\CUinv\NetIDs\Staff\AS\, or are created by AS/ChemIT/Physit (Special admins, guestID's, etc.)
Individual's folders
Info from John Miner, to inform this:
| Folder name | Primary directory (folder) owner (NetID) | Full folder access, by group or individual (NetID) | Notes |
|---|---|---|---|
Management | JOHN | Q: Is this more a personal folder, not a "shared" folder? A: Sounds that way. "Users\jcm8" John's originally proposed folder name was "Manager". To contain, from John's originally proposed folder names, "Facilities". |