I have an application that needs to read a user's folder structure and then write files into that selected folder destination. Currently, I can accomplish this by requiring the read and write all files and folders permission. However, from a least privileges security standpoint, it would be ideal if I could disambiguate permissions between files and folders (ie. Folders: Read/Write and Files: Write Only). This would allow the application to browse and create folders as well as writing the files to the appropriate destination with giving blanket read access to all files. Having this distinction between files and folders is very important from a security / access perspective. As far as I can tell there is no way to do this, unless perhaps it's missing from the documentation?
Please sign in to leave a comment.