0

Sometimes when running ETL packages on flat files, I receive error: "The process cannot access the file because it is being used by another process".

Another person already has file opened.

Is there a Windows Security Folder permission where person can only copy/move files into folder, but cannot read files in the folder. We are trying to create a staging folder.

This will avoid the "file is already open errors", so ETL can be processed?

Thanks,

  • You can deny read, write, and append access to files in the folder. Users will still be able to create, delete, and rename files in the directory. However, this doesn't apply to existing open files. – Eryk Sun Oct 22 '17 at 17:31
  • BTW, I voted to move this question to superuser.com. It's not on-topic here since it's not directly and uniquely related to programming. – Eryk Sun Oct 22 '17 at 18:24
  • if you know what options in Gui to select, that would be good, I am a more beginner, my experience is in C#, see below –  Oct 22 '17 at 18:36
  • You need to use the advanced permissions editor. Add an entry for the principal/trustee "Everyone" (S-1-1-0). Change the type to "Deny" and apply it to "Files only". Show advanced permissions, and ensure that only read data, write data, and append data are selected. – Eryk Sun Oct 22 '17 at 18:49

1 Answers1

0

From eryksun:

Question/Answer should be moved to superuser

From the command line, you can run icacls "folder name" /deny *S-1-1-0:(OI)(IO)(RD,WD,AD).

"S-1-1-0" is the security identifier of "Everyone".

"OI" (object inherit) means this entry is inherited by files (but subfolders merely propagate the entry; it doesn't apply to the folders themselves; just their files).

"IO" (inherit only) means the entry does not apply to this folder; it's only for inheritance. And the reaming three are read data, write data, and append data.

(1) In the GUI: which ones would I exclude? List Read Permissions, Change Permissions, Seems like Create Files is coupled with Write Data?

enter image description here