Once users have gained access to the network, they will need to access network resources. An important aspect of sharing information on the network is keeping highly sensitive or proprietary data secure while it is shared. This means some users will have access to the information and some won't. It also means that your users will have different levels of access to the data.
Access level to shares on the network is handled by permissions. A permission is the access level for a resource that you assign to a user or group of users (we will talk about user groups later in the chapter). Because you can potentially assign a different permission level to each user for every resource on the network, you can really fine-tune the access security for important information on the network.
In the Windows network environment, when you create a new share, it is assigned the read-only permission for the Everyone group, which is a special administrative group that includes all the users in the Windows domain (more about groups in a moment). Figure 20.5 shows the default share permissions for a Windows server share.
Figure 20.5. On a Windows network, new shares are automatically made available to all users on the network as read-only.
This means that the network administrator has to determine whether the share's security setting needs to be changed to accommodate different users on the network. For example, read-only may work fine for a number of "basic" users, but other users may need to be able to edit the contents of the share in question.
As you can see in Figure 20.5, additional users or groups can be added to the Properties box of the share and then different permission levels can be set for that group or user, such as Full Control or Change. You will find that organizing users into groups and assigning permission levels to the group makes more sense than assigning permissions to each individual user. Group permissions are discussed in the next section.
The NetWare environment also provides administrators with the ability to assign different rights to users in relation to resources such as folders shared on the network. Users can be assigned rights, such as Read, Write, Create, Erase, and Modify, to the share. Figure 20.6 shows the NetWare Remote Manager tool, which can be used to specify the rights (or permissions) that a user will have to a resource such as a folder on the network.
Figure 20.6. Users in the NetWare environment are assigned different rights to a resource such as a network folder.
Once a user has been assigned permissions (or rights) to a particular resource on the network (such as a folder), those permissions will dictate how the user can interact with that resource. For example, if the user has only been assigned the Read permission for a folder on a server, he won't be able to add any files to that folder or delete items in that folder.