If you implement classic sharing, it's also vital that you understand how these share permissions interact.
The most important rule to keep in mind is that share permissions are cumulative. For example, all users are part of the Everyone group, and by default, this group has the Read permission when setting up a share. Continuing the previous example, I've added a user, The Dude, to the ACL, and now grant that user Full Control. Permissions for The Dude have now been articulated twice: once as a part of the Everyone group, and once as an individual user (of course, it's possible for the user to be a part of multiple groups as well). What is the effective permission for The Dude?
Full Control, which is a combination of all group and individual permissions.
The exception to this is the Deny permission, which trumps any Allowed permission. For example, if the Everyone group were denied the Read permission, The Dude would be denied permission to Read the files in a folder he was otherwise able to fully control.
These sharing permission rules also apply:
It's also vitally important to realize that share-level Permission entries that we've just seen are not the same as the ACL on the Security tab. We'll get to the Security tab presently.