Understanding Permissions


One key concept for managing network storage is permissions. Permissions allow users to access shared resources on a network. Simply sharing a disk doesn't guarantee that a given user can access the data it contains. Windows makes this decision based on the permissions that have been assigned to various groups for the resource and group memberships of the user. If the user belongs to a group that has been granted permission to access the resource, the access is allowed. If not, access is denied.

In theory, the permissions concept sounds simple. In practice, however, it can get quite complicated. This list explains some of the nuances of how access control and permissions work:

  • Every object (that is, every file and folder) on an NTFS volume has a set of permissions called the Access Control List, or ACL, associated with it.

  • The ACL identifies the users and groups that can access the object and specifies which level of access each user or group has. For example, a folder's ACL may specify that one group of users can read files in the folder while another group can read and write files in the folder and a third group is denied access to the folder.

  • Container objects (files and volumes) allow their ACLs to be inherited by the objects they contain. As a result, if you specify permissions for a folder, those permissions extend to the files and child folders that appear within it.

  • Table 17-1 describes the six types of permissions that can be applied to files and folders on an NTFS volume.

    Table 17-1: File and Folder Permissions

    | Permission | Description |
    |---|---|
    | Full control | Grants unrestricted access to the file or folder. |
    | Modify | Grants the right to read the file or folder, delete the file or folder, change the contents of the file or folder, or change the attributes of the file or folder. Allows you to create new files or subfolders within the folder. |
    | Read & Execute | Grants the right to read or execute the file and grants the right to list the contents of the folder or to read or execute any of the files in the folder. |
    | List Folder Contents | Applies only to folders and grants the right to list the contents of the folder. |
    | Write | Grants the right to change the contents of a file or its attributes. Grants the right to create new files and subfolders within the folder. |
    | Read | Grants the right to read the contents of a file or folder. |

  • Tip 

    The six file and folder permissions are composed of various combinations of special permissions that grant more-detailed access to files or folders. Table 17-2 lists the special permissions that apply to each of the six file and folder permissions.

    Table 17-2: Special Permissions

    Columns: Special Permission, Full Control, Modify, Read & Execute, List Folder Contents, Read, Write

    Rows: Traverse Folder/Execute File, List Folder/Read Data, Read Extended Attributes, Create Files/Write Data, Create Folders/Append Data, Write Attributes, Write Extended Attributes, Delete Subfolders and Files, Delete, Read Permissions, Change Permissions, Take Ownership, Synchronize

  • You should assign permissions to groups rather than to individual users. Then, if a particular user needs access to a particular resource, add that user to a group that has permission to use the resource.
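The following is an added example, not code from the book: a simplified Python model of how an ACL is evaluated against a user's group memberships, using the three-group folder described above. It goes beyond the text by modelling the order Windows evaluates ACEs in (explicit before inherited, deny before allow), which is why a single per-user ACE on a file can bypass a group-level deny inherited from its folder. The group and user names are constructed, the mask values are the Windows SDK access-mask bits, and owner rights and privileges are ignored.

```python
from dataclasses import dataclass, replace

# Access-mask bits for files and folders as defined in the Windows SDK (winnt.h).
READ_DATA, WRITE_DATA, APPEND_DATA, READ_EA, WRITE_EA = 0x1, 0x2, 0x4, 0x8, 0x10
EXECUTE, DELETE_CHILD, READ_ATTR, WRITE_ATTR = 0x20, 0x40, 0x80, 0x100
DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER = 0x10000, 0x20000, 0x40000, 0x80000
SYNCHRONIZE = 0x100000

# Basic permissions expressed as bundles of special permissions.
READ = READ_DATA | READ_EA | READ_ATTR | READ_CONTROL | SYNCHRONIZE
WRITE = WRITE_DATA | APPEND_DATA | WRITE_EA | WRITE_ATTR | READ_CONTROL | SYNCHRONIZE
READ_EXECUTE = READ | EXECUTE
MODIFY = READ_EXECUTE | WRITE | DELETE
FULL_CONTROL = MODIFY | DELETE_CHILD | WRITE_DAC | WRITE_OWNER

@dataclass(frozen=True)
class Ace:
    trustee: str            # user or group name (constructed sample names below)
    allow: bool             # True = allow ACE, False = deny ACE
    mask: int               # rights this ACE allows or denies
    inherited: bool = False

def inherit(parent_acl):
    """ACEs a child object receives from its container, marked as inherited."""
    return [replace(ace, inherited=True) for ace in parent_acl]

def access_check(token, acl, desired):
    """Simplified access check: explicit ACEs before inherited, deny before allow."""
    remaining = desired
    for ace in sorted(acl, key=lambda a: (a.inherited, a.allow)):
        if ace.trustee not in token:
            continue
        if not ace.allow and ace.mask & remaining:
            return False                # a deny ACE covers a right still needed
        if ace.allow:
            remaining &= ~ace.mask
            if remaining == 0:
                return True             # every requested right has been granted
    return False                        # no ACE granted it: implicit deny

# Constructed sample: the three-group folder from the text, plus one per-user ACE.
FOLDER_ACL = [Ace("Staff", True, READ_EXECUTE), Ace("Editors", True, READ | WRITE),
              Ace("Contractors", False, FULL_CONTROL)]
FILE_ACL = inherit(FOLDER_ACL) + [Ace("carol", True, READ)]
ALICE, BOB = {"alice", "Staff"}, {"bob", "Staff", "Editors"}
CAROL, DAVE = {"carol", "Editors", "Contractors"}, {"dave"}

if __name__ == "__main__":
    for name, tok in [("alice", ALICE), ("bob", BOB), ("carol", CAROL), ("dave", DAVE)]:
        print(name, access_check(tok, FOLDER_ACL, READ_DATA),
              access_check(tok, FOLDER_ACL, WRITE_DATA), access_check(tok, FILE_ACL, READ_DATA))
```

In the sample, carol is denied on the folder through her Contractors membership but can read the file because of the explicit per-user ACE, which is the kind of exception that group-only assignment keeps out of an ACL.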




Networking For Dummies
ISBN: 0470534052
EAN: 2147483647
Year: 2004
Pages: 254
Authors: Doug Lowe
