Permission help

Hi guys,

Been reading this forum alot since my exam is on the 6th Feb. I've been reading the Self-Paced Training Kit for this exam. Failed the first time as I didnt really study alot and I didnt push it back to a later date, but Im mubbling now. Right to the question I have. PERMISSIONS! God these are annoying. I was just wondering if someone could explain this question in the book:

In the second example, the users folder contains user home folders. Each user home folder contains data accessible only to the user for whom the folder is names. The users folder has been shared, and the Users group has the shared folder FULL CONTROL permission for the users folder. User1 and User2 have the NTFS FULL CONTROL permission for their home folder only and no NTFS permissons for othe folders. These users are all members of the users group. What permissions does User1 have when he or she accesses the User1 subfolder by making a connection to the Users shared folder? What asre Users1's Permissions for the User2 subfolders?


I know thw first question "What permissions does User1 have when he or she accesses the User1 subfolder by making a connection to the Users shared folder?" is Full Control

But for the second one I dont understand. If there is no NTFS permissions set he or she should be able to access it right?

Maybe I'm being stupid and missing something.

While writing this I looked at the Question again and maybe this is the answer to mine:

"User1 and User2 have the NTFS FULL CONTROL permission for their home folder only and no NTFS permissons for othe folders."
70-410 [x] 70-411 [x] 70-462[x] 70-331[x] 70-332[x]
MCSE - SharePoint 2013 :thumbup:

Road map 2017: JavaScript and modern web development

Comments

  • undomielundomiel Member Posts: 2,818
    The question is a bit of a study in reading comprehension. If you just skimmed the initial answer you'd get is probably going to be that they have FULL CONTROL to the folders. But reading into it a bit you see that it says that the users only have full control of their own folders and no permissions to other folders. Since you apply the principle of most restrictive of the two permission sets, here is the break down for User1 to access User2's folder as a share: ShareFullControl compare NTFSNone = effective permissions None. So it is as you said at the end, User1 has no permissions to User2's folder.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • knownheroknownhero Member Posts: 450
    Its just really annoying how they word the questions. I don't see how the FULL CONTROL for their own folders and then the NO NTFS Permissions for the other folders works. Surely with the NO NTFS PERMISSIONS should mean that user1 can access user2 folder if there is no permissions set.

    Sorry to be a pain about this. It's just not sinking into the brain! ARGH!
    70-410 [x] 70-411 [x] 70-462[x] 70-331[x] 70-332[x]
    MCSE - SharePoint 2013 :thumbup:

    Road map 2017: JavaScript and modern web development

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    knownhero wrote: »
    But for the second one I dont understand. If there is no NTFS permissions set he or she should be able to access it right?

    No. Honestly, I don't know why this point wasn't made clearer in most study materials. It seems like most just assume that it's an obvious point. You need to be assigned permissions in order to be able to access a resource.
  • knownheroknownhero Member Posts: 450
    dynamik wrote: »
    No. Honestly, I don't know why this point wasn't made clearer in most study materials. It seems like most just assume that it's an obvious point. You need to be assigned permissions in order to be able to access a resource.

    Okay so when it says "no ntfs permissions for other folders" in other questions that I see this in. It simply means deny?
    70-410 [x] 70-411 [x] 70-462[x] 70-331[x] 70-332[x]
    MCSE - SharePoint 2013 :thumbup:

    Road map 2017: JavaScript and modern web development

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    No, because if its set to inherit permissions, it will inherit permissions from the parent. For example, if the parent allows read, and the child that you're trying to access has neither allow or deny permissions set, you'll be given read access since its inheriting that from the parent (unless you deliberately block inheritance). On the other hand, if you denied read access on the child, you would not be able to read since it was explicitly denied. As you can see, that is a significant difference in functionality, so do not treat no permissions and deny as the same thing.

    Think of it this way, you must be granted allow permissions at some point. Access is commonly restricted by simply not assigning permissions. This makes sense if you think about it. If no permissions allowed access, every time you added a new user or group, you would have to back to every object and explicitly deny permissions for that user or group. That would be an absolute nightmare to try to maintain. Deny permissions are fairly rare. They usually exist to correct some flaw that occurred in the design and planning stage.
  • knownheroknownhero Member Posts: 450
    So just in my VERY SIMPLE terms of this is like this:

    You have a:

    Everyone
    Users
    Creator Owner
    Administrators

    Groups which you can enter the file and for which group you fall into you have to have these rules. If you are not in ANY of these you have NO ACCESS. Sort of like a bouncer rejecting you entry to a pub for not having ID?

    If that makes any sense


    So for example if "Tom" wasnt a member of any of the groups mentioned above. He has NO NTFS PERMISSIONS which means he has no access to the file?
    70-410 [x] 70-411 [x] 70-462[x] 70-331[x] 70-332[x]
    MCSE - SharePoint 2013 :thumbup:

    Road map 2017: JavaScript and modern web development

  • undomielundomiel Member Posts: 2,818
    Correct. No ntfs permissions means no access. Tom is just going to have a rough day.
    dynamik wrote: »
    Deny permissions are fairly rare. They usually exist to correct some flaw that occurred in the design and planning stage.

    Or introduce flaws into the design. :)
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • knownheroknownhero Member Posts: 450
    undomiel wrote: »
    Correct. No ntfs permissions means no access. Tom is just going to have a rough day.

    Awesome. Got that in the memory bank now. Hopefully I will start to catch on with all this permissions jargon. Next stop Basic and Dynamic disks.
    70-410 [x] 70-411 [x] 70-462[x] 70-331[x] 70-332[x]
    MCSE - SharePoint 2013 :thumbup:

    Road map 2017: JavaScript and modern web development

  • knownheroknownhero Member Posts: 450
    thanks guys!
    70-410 [x] 70-411 [x] 70-462[x] 70-331[x] 70-332[x]
    MCSE - SharePoint 2013 :thumbup:

    Road map 2017: JavaScript and modern web development

Sign In or Register to comment.