Understanding Share Permissions

Once users have gained access to the network, they will need to access network resources. An important aspect of sharing information on the network is keeping highly sensitive or proprietary data secure while it is shared. This means some users will have access to the information and some won't. It also means that your users will have different levels of access to the data.



Microsoft Windows networks running Windows 2000 Server or Windows Server 2003 also provide you with the ability to secure resources right down to the file level. This is because NTFS (NT File System) provides different access levels to files, folders, and drives. Because a folder on a Windows network can be both protected by share permissions (as we've discussed here) and NTFS permissions, figuring out the actual rights that a user has to a particular resource can become quite a brainteaser. For example, if a user is given full access to a folder due to the share permissions set on that folder, but is assigned an NTFS permission of no access, the user will not be able to access the folder. These two different permission systems combine so that the most restrictive access provided is realized by the user. For more detailed information regarding access permissions on a Windows network, check out Sams Teach Yourself Windows Server 2003 in 24 Hours.
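The "most restrictive wins" rule above can be worked through as a small model. This is an added example, not code from the book or from Windows. It goes slightly beyond the text by also modeling how allow entries accumulate across a user's groups and how a deny entry overrides them within each layer. The user alice, the Editors group, and the coarse right names are hypothetical.

```python
# Added illustration: a simplified model, not Windows' actual access-check code.
READ = frozenset({"read"})
EDIT = READ | {"write", "delete"}
FULL = EDIT | {"change_permissions"}

# Simplifying assumption: each permission level is a bundle of coarse rights.
# "Change" is the share-level name, "Modify" the NTFS-level name.
LEVELS = {"Read": READ, "Change": EDIT, "Modify": EDIT, "Full Control": FULL}


def layer_rights(acl, principals):
    """Rights granted by one layer (share or NTFS) to a set of principals.

    acl is a list of (principal, "allow" | "deny", level) entries.
    Allows accumulate across the user's groups; any matching deny wins.
    """
    allowed, denied = set(), set()
    for principal, kind, level in acl:
        if principal in principals:
            (denied if kind == "deny" else allowed).update(LEVELS[level])
    return frozenset(allowed - denied)


def effective_access(share_acl, ntfs_acl, principals):
    """Network access is the intersection of the share and NTFS layers."""
    return layer_rights(share_acl, principals) & layer_rights(ntfs_acl, principals)


# Constructed sample data (hypothetical user and groups).
ALICE = {"alice", "Everyone", "Editors"}
DEFAULT_SHARE = [("Everyone", "allow", "Read")]        # default for a new share
OPEN_SHARE = [("Everyone", "allow", "Full Control")]
NTFS_EDITORS = [("Editors", "allow", "Modify")]
NTFS_NO_ACCESS = NTFS_EDITORS + [("alice", "deny", "Full Control")]

if __name__ == "__main__":
    cases = [
        ("full share, NTFS no access", OPEN_SHARE, NTFS_NO_ACCESS),
        ("default share, NTFS Modify", DEFAULT_SHARE, NTFS_EDITORS),
        ("full share, NTFS Modify", OPEN_SHARE, NTFS_EDITORS),
    ]
    for name, share, ntfs in cases:
        print(f"{name}: {sorted(effective_access(share, ntfs, ALICE))}")
```

Share permissions apply only to access over the network; a user logged on locally at the server is limited by the NTFS permissions alone.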

Access level to shares on the network is handled by permissions. A permission is the access level for a resource that you assign to a user or group of users (we will talk about user groups later in the chapter). Because you can potentially assign a different permission level to each user for every resource on the network, you can really fine-tune the access security for important information on the network.

In the Windows network environment, when you create a new share, it is assigned the read-only permission for the Everyone group, which is a special administrative group that includes all the users in the Windows domain (more about groups in a moment). Figure 20.5 shows the default share permissions for a Windows server share.

Figure 20.5. On a Windows network, new shares are automatically made available to all users on the network as read-only.


This means that the network administrator has to determine whether the share's security setting needs to be changed to accommodate different users on the network. For example, read-only may work fine for a number of "basic" users, but other users may need to be able to edit the contents of the share in question.

As you can see in Figure 20.5, additional users or groups can be added to the Properties box of the share and then different permission levels can be set for that group or user, such as Full Control or Change. You will find that organizing users into groups and assigning permission levels to the group makes more sense than assigning permissions to each individual user. Group permissions are discussed in the next section.

The NetWare environment also provides administrators with the ability to assign different rights to users in relation to resources such as folders shared on the network. Users can be assigned rights, such as Read, Write, Create, Erase, and Modify, to the share. Figure 20.6 shows the NetWare Remote Manager tool, which can be used to specify the rights (or permissions) that a user will have to a resource such as a folder on the network.

Figure 20.6. Users in the NetWare environment are assigned different rights to a resource such as a network folder.


Once a user has been assigned permissions (or rights) to a particular resource on the network (such as a folder), those permissions will dictate how the user can interact with that resource. For example, if the user has only been assigned the Read permission for a folder on a server, he won't be able to add any files to that folder or delete items in that folder.

Absolute Beginner's Guide to Networking
Absolute Beginners Guide to Networking (4th Edition)
ISBN: 0789729113
EAN: 2147483647
Year: 2002
Pages: 188
Authors: Joe Habraken
