Permissions
epulone
Registered Users Posts: 4 ■□□□□□□□□□
Sorry for my basic question.
If I want to give permissions to read write or full controll etc... I just need to use the security tab from the properties of a resource and tick on allow. If I want to block the permission for an object ex: user or group I can use deny ....but removing the object from the list [group or users name] seems has the same effect >> no permission<<. Actually....what is the difference between the two actions?
Many Thanks
If I want to give permissions to read write or full controll etc... I just need to use the security tab from the properties of a resource and tick on allow. If I want to block the permission for an object ex: user or group I can use deny ....but removing the object from the list [group or users name] seems has the same effect >> no permission<<. Actually....what is the difference between the two actions?
Many Thanks
Comments
-
ptilsen
Member Posts: 2,835 ■■■■■■■■■■
Deny takes precedent over allow. This has very significant impact. Say for example, user A is a member of groups 1 and 2. User B is a member of only group 1, and user B is a member of only group 2. Let's say you don't want user B to have access to a directory named confidential, which groups 1 and 2 both have access to. If you remove group 1 from the ACL of confidential, user B will no longer have access. User A will still retain access since the user is a member of group 2. If you deny group 1 access, User A will also be denied access since User A is a member of group 1.
For this reason, it is usually preferable not to deny objects rights, but rather to only grant rights to those objects which should have them.