Yet another confusing (to me) permissions practice question...

NunyaNunya Member Posts: 12 ■□□□□□□□□□
OK, any help clarifying would be appreciated, I'm trying to figure out if I'm reading too much into the question or if I'm wrong or if the practice question is vague or wft....

Users should be able to execute the application and the Accounting group needs to manage it. The Accounting group should not be required to log on to the server console to manage the application.

Required result: Users should only be able to read information, not make changes or open the application.

Optional results: Accounting group will need to manage application through the server console.

The Accounting group should not be required to log on to the server console to manage the application.

Proposed solution: Configure permissions as follows:

Share:
Administrators FC
Accounting FC
Users Read

NTFS:
Administrators FC
Accounting FC
Users Read and Execute

The practice question author has the answer of "Meets required and both options" as the correct answer...

I get Least/Least/Most, I get Cummulative Groups: What I don't get is why the answer isn't "Doesn't meed required" which is what I think it is: BECAUSE, the Share permission of Read grants Read/Execute, combine that with NTFS Read/Execute and the Users group would then have the rights to execute the program over the network...and the authors detail their answer as that Users would only have Read over the network (Share)...so again wouldn't giving Share Read grant Share Read/Exe and combining that with NTFS Read/Exe would give that group Read/Exe yes/no? In addition, their answer detail also states: When combining share and NTFS permissions, the most restrictive of the permissions applies (I get/understand that) continuing their detail: "so the Accounting group will be limited to Read and Execute permissions when accessing the application over the network. The Acctng. Group will still be able to log in to the system console where only the NTFS permissions apply..." So with this in mind, are they implying that the Accounting group is a part of the Users group and therefore would be limited to what the Users group share allows (Read thus Read/Exe)??? and by assuming this we can also assume that the Users group would also have Read/Exe Share and Read/Exe NTFS effectively giving them the same ability to "run" the application over the network that the Accounting group would have and thus my answer of "Does not meet required" would be correct because the question required states that Users should only have the permissions to Read the data...not run the application...

Am I wrong or just reading too much into it or are they wrong and I need to submit a "correct this question" to their editors?

I'm thinking that this question is simply poorly worded and (could) be better stated in the Required Result by simply stating: Users should only be able to run the application to and be limited to only being able to read information, not make changes to data nor manage the application...

If the initial question and the Required result were more consistent, I could see their point in the choosing of "Meets required and both options" but as stated do not agree with their conclusion...

Thanks for your time and input smart peoples...
Sign In or Register to comment.