permissions
wheely
Member Posts: 105
I just want to make sure i understand this right. Suppose you are a member of the Everyone group and you want to access a folder. When accessed locally you have read permissions but when accessed through the share you still only have read permissions.
The NTFS permissions for the everyone group folder are Read.
The Share permissions for the everyone group folder are Change.
So even though i access it through the share i would still have only read permissions even if it says the everyone group has change permission for the share?
The NTFS permissions for the everyone group folder are Read.
The Share permissions for the everyone group folder are Change.
So even though i access it through the share i would still have only read permissions even if it says the everyone group has change permission for the share?
Comments
-
undomiel Member Posts: 2,818Correct, sum up the Share permissions (which in yours results in Change) and then sum up the NTFS permissions (which is Read for yours) and then the effective permissions would be the most restrictive of the two, which in your case is Read. If for instance you changed the NTFS permissions to Full then the Share permissions would be most restrictive and you would only have Change permissions when accessing through the share.Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
-
wheely Member Posts: 105Ok that makes sense. So for instance if i have a folder and my NTFS permissions are full control but the share permissions are read. When i access it through NTFS i still only have read permissions?
-
Mishra Member Posts: 2,468 ■■■■□□□□□□"When i access it through NTFS i still only have read permissions?"
This means you are accessing it locally. If you are local to the machine accessing the shared folder, share permissions are not applied. -
royal Member Posts: 3,352 ■■■■□□□□□□Here's an analogy I've used in the past to describe how share vs ntfs permissions work:royal wrote:You have Share Permissions
You have NTFS Permissions
All your Share Permissions are cumulative
All your NTFS Permissions are cumulative
It then takes the most restrictive and assigns those as effective permissions. Think of it as a competition of Share vs NTFS. Share will gather as many teammates as possible (cumulating permissions). NTFS will also gather as many teammates as possible (cumulating permissions). Share and NTFS will then duke it out. The toughest (most restrictive permissions wins).
So lets say you have a user named John. John has ntfs Read. John is a part of the Sales Group. The sales group has Write. Because John has Read and is a part of the Sales group, he effectively has Read AND write. This means if John accesses the file system via console and goes to My Computer > C > bleh bleh and accesses that folder/file, he will be able to read AND write.
Now lets keep those ntfs permissions on that folder, but now lets share it out. By default, the Everyone group has read access to that share and that is all. Now lets say John instead goes to \\server\folder. He will be ONLY be granted Read access and will not be able to write. Why? Even though his ntfs permissions are Read/Write, he is restricted due to the Share permissions being more restrictive. Remember, it is Share vs NTFS. Share has more restrictive permissions (Everyone Read only, there is no Write there).
In real world, generally speaking, you'll just assign Share permissions to Everyone/Full Control. You will then restrict people's access via NTFS permissions.
Hope this helps.“For success, attitude is equally as important as ability.” - Harry F. Banks -
wheely Member Posts: 105So if my NTFS permissions are read and the share permissions are write when i access through the share i only have read permissions?
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□wheely wrote:So if my NTFS permissions are read and the share permissions are write when i access through the share i only have read permissions?
Correct. When you access a share remotely, you must factor in both NTFS and Share permissions. If you access a resource locally, you do not factor in the share permissions.All things are possible, only believe.