Permissions

epuloneepulone Registered Users Posts: 4 ■□□□□□□□□□
in MCTS / MCITP on Windows 2008 General
Sorry for my basic question.
If I want to give permissions to read write or full controll etc... I just need to use the security tab from the properties of a resource and tick on allow. If I want to block the permission for an object ex: user or group I can use deny ....but removing the object from the list [group or users name] seems has the same effect >> no permission<<. Actually....what is the difference between the two actions?

Many Thanks
· Share on FacebookShare on Twitter

Comments

  • ptilsenptilsen Member Posts: 2,835 ■■■■■■■■■■
    Deny takes precedent over allow. This has very significant impact. Say for example, user A is a member of groups 1 and 2. User B is a member of only group 1, and user B is a member of only group 2. Let's say you don't want user B to have access to a directory named confidential, which groups 1 and 2 both have access to. If you remove group 1 from the ACL of confidential, user B will no longer have access. User A will still retain access since the user is a member of group 2. If you deny group 1 access, User A will also be denied access since User A is a member of group 1.

    For this reason, it is usually preferable not to deny objects rights, but rather to only grant rights to those objects which should have them.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
    · Share on FacebookShare on Twitter
  • epuloneepulone Registered Users Posts: 4 ■□□□□□□□□□
    Many thanks Ptilsen. Perfect
    · Share on FacebookShare on Twitter
Sign In or Register to comment.