Is it possible to grant rename permissions, but not delete, in NTFS?

We have a folder for employees to scan contracts to. After scanning, they're supposed to rename them according to our conventions so they can be processed further. In response to a recent incident, these folders have had their security locked down (they're granted write, but not modify, permission) and now they are unable to rename the files.

Is there a technical way to accomplish what I'm trying to do? From what I've read, I don't think this is possible.

If not, can you suggest any workarounds? One possibility is to set the name of the file as it's being scanned in. Another is to have a trusted person in management be given sufficient permissions to rename.


Solution 1:

Apparently rename requires the delete permission. Alternatively, could you have the files be renamed before being placed in the required folder?
Another idea - perhaps a batch job could run that would rename files appropriately that could be run as a schedule task on the server with appropriate permissions.

Solution 2:

Not only using NTFS file permissions.

You could create a program which runs as a service that is started when the computer starts. Said service runs under an account which is allowed to delete and create files (and thus rename files).

Then you create a small program which performs rename on files by calling the service you wrote. That program could present itself in the explorer context menu when right clicking on a file as "Privileged rename".