The following two security rules set different sets of access rights for
a parent object (in this example, the picture_library folder on
domain example.com) and its child objects - subfolders and files
contained in the folder. The resulting security configuration will
prohibit deletion of the parent container by a website owner, but will
allow the user full control for files and folders contained in the
picture_library folder.
Security rule entry 1
The following rule sets access rights to files in the
httpdocspicture_library folder on domain example.com for the
Windows user account named domainuser1, prohibiting deletion of the
folder.
<Entry AccounType="1" Account="domainuser1" SidStr="S-1-5-21-821798554-1223697094-3523996037-1043" Path="[HTTPD_VHOSTS_D]" SubPath="example.comhttpdocspicture_library" AceFlags="ThisObjectOnly" AccessMask="FileRemovable" EntryFlags="0x141" Tag="DomainUser" Tag2="" />
Explanation
Because the name domainuser1 is not a standard system account name, it
has to be resolved in the system (hence, AccounType=”1”). The optional
SidStr attribute is defined to improve Plesk stability. The
HTTPD_VHOSTS_D component path in the Path attribute specifies the common
part of the path to the domain root folder where the example.com folder
is located. The SubPath attribute completes the path to the
httpdocspicture_library folder to which the rule will be applied.
AceFlags=”ThisObjectOnly” specifies that,…