Permission questions
susuandme
Member Posts: 136
Can someone help with the two following Share permission questions with explaination.
In this scenario, the \Reports folder has been shared as the Reports shared folder. The user Mary is a member of the Sales group as well as Everyone and the Users group
Share permission: Everyone = Change
Ntfs Permissions: User group = list content, read & execute, read
What are Mary's effective permissions.
2. Same scenario as above only :
Share permission = Everyone = Full Control
NTFS Permission: Everyone = list contents, read & execute, read, deny write
Sales = Write, list contents, read & execute, read, write
What are Mary's effective permissions here ? Thankyou.
In this scenario, the \Reports folder has been shared as the Reports shared folder. The user Mary is a member of the Sales group as well as Everyone and the Users group
Share permission: Everyone = Change
Ntfs Permissions: User group = list content, read & execute, read
What are Mary's effective permissions.
2. Same scenario as above only :
Share permission = Everyone = Full Control
NTFS Permission: Everyone = list contents, read & execute, read, deny write
Sales = Write, list contents, read & execute, read, write
What are Mary's effective permissions here ? Thankyou.
Comments
-
skrpune Member Posts: 1,409The notes I have for Network+ on permissions are that:
Share Permission + Share Permission = LEAST restrictive applies
Share Permission + NTFS Permission = MOST restrictive applies
NTFS Permission + NTFS Permission = LEAST restrictive applies
So in case 1, NTFS Permissions + Share Permissions, the most restrictive permissions apply. In this case, I think Mary would be given the NTFS User Group permissions & would be able to list content, read & execute, and read (as "Change" for share permissions means creating files & adding/deleting folders
In case 2, you've got a case of Share Permissions + (NTFS + NTFS), so I would assume you'd compare the Share Permissions to the least restrictive of the NTFS permissions...but that's mostly based on me using some logic as well as the "order of operations" theory rather than actual first hand knowledge of permissions! I'd guess that in case 2, NTFS (being more restrictive) would trump Share, and out of the NTFS permissions, the least restrictive one would apply, so Mary would have the NTFS Everyone group permissions.
Please take this with a grain of salt though - this is just my interpretation given a limited knowledge of permissions...if there's someone else out there with more experience/knowledge on the subject matter that thinks to the contrary, please chime in and correct my interpretation & assumptions!Currently Studying For: Nothing (cert-wise, anyway)
Next Up: Security+, 291?
Enrolled in Masters program: CS 2011 expected completion -
royal Member Posts: 3,352 ■■■■□□□□□□skrpune is correct except for one thing that is sort of right but sort of wrong at the same time. Mary wouldn't only get the Everyone group, but would also get the Sales group permissions. Read on for clarification.
skrpune states that Mary would get the NTFS everyone group permissions. What would actually happen is since you accumulate all Share Permissions, then accumulate all NTFS permissions, and then it's the most restrictive. So what would happen is since all the NTFS permissions for her account and all groups she's in are combined, she gets ALL permissions for both the Everyone group and the Sales group but would be denied write.“For success, attitude is equally as important as ability.” - Harry F. Banks -
susuandme Member Posts: 136thankyou all for explaining this, its starting to become clearer,
I get a little confused when I read some scenarios that are 3 paragraphs long, so knowing the right way to sort things out the way you have described it by first adding up shared and ntfs permissions separately. Then use the most restrictive helps.
I also found out that you can't use "share permissions" just by themselves, or else you will lose all access, you have to use both Share and NTFS permissions when sharing a folder.
However, I think that NTFS permissions are different, I read that you can use them without the share permission. thanks again -
royal Member Posts: 3,352 ■■■■□□□□□□Well when you access a folder using a UNC path such as \\server\sales, you need share and ntfs permissions. If you're accessing something directly on the file system C:\someting, then you bypass share permissions and NTFS permissions still apply.“For success, attitude is equally as important as ability.” - Harry F. Banks
-
skrpune Member Posts: 1,409royal wrote:skrpune is correct except for one thing that is sort of right but sort of wrong at the same time. Mary wouldn't only get the Everyone group, but would also get the Sales group permissions. Read on for clarification.
skrpune states that Mary would get the NTFS everyone group permissions. What would actually happen is since you accumulate all Share Permissions, then accumulate all NTFS permissions, and then it's the most restrictive. So what would happen is since all the NTFS permissions for her account and all groups she's in are combined, she gets ALL permissions for both the Everyone group and the Sales group but would be denied write.Currently Studying For: Nothing (cert-wise, anyway)
Next Up: Security+, 291?
Enrolled in Masters program: CS 2011 expected completion -
royal Member Posts: 3,352 ■■■■□□□□□□skrpune wrote:royal wrote:skrpune is correct except for one thing that is sort of right but sort of wrong at the same time. Mary wouldn't only get the Everyone group, but would also get the Sales group permissions. Read on for clarification.
skrpune states that Mary would get the NTFS everyone group permissions. What would actually happen is since you accumulate all Share Permissions, then accumulate all NTFS permissions, and then it's the most restrictive. So what would happen is since all the NTFS permissions for her account and all groups she's in are combined, she gets ALL permissions for both the Everyone group and the Sales group but would be denied write.
Exactly.“For success, attitude is equally as important as ability.” - Harry F. Banks