List Folder/Read Data

R

richard

I'm trying to clarify the exact roles of the various 'advanced
permissions'.

According to Help, 'List Folder/Read Data', when applied to a file,
allows the user to view the contents of a file.

To test this, I created:

e:\toplevel\level2\level3
and
e:\toplevel\level2\level3\testDoc.txt

To the toplevel folder,
Admins have Full Control
user81 has 'Traverse Folder/Execute File' and 'List Folder/Read Data'

These permissions are inherited all the way to testDoc.txt.

However, user81 can browse to the level3 folder but cannot read the
testDoc.txt document.

Evidently, List 'Folder/Read Data' does not allow the user to read
file contents.

Is that right or am I missing something here?

Richard
 
S

Steven L Umbach

Check the inherited security setting on the file itself for that user for
'List Folder/Read Data' and make sure the user is not a member of any group
with deny permissions to that file. The user will need 'List Folder/Read
Data' to "files" in that folder in order to be able to read the files. You
can select various combinations of folders/subfolder/files in the "apply
onto" drop down box in special permissions. The link below may help. ---
Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419 -- applies
to W2k also.
 
R

richard

Thanks for your post Steven.
The user will need 'List Folder/Read
Data' to "files" in that folder in order to be able to read the files.
Click to expand...

Thats what it says in the Help, and also on the link you sent me.
However a bit of experimentation has convinced me that 'List
Folder/Read Data' is necessary but not sufficient for a user to be
able to read a file.

The parent folder needs:
'List Folder/Read Data'.
The file needs:
'List Folder/Read Data',
'Read Extended Attributes',
'Read Permissions'
Check the inherited security setting on the file itself for that user for
'List Folder/Read Data' and make sure the user is not a member of any group
with deny permissions to that file
Click to expand...

I've checked that.

regards
Richard
 
R

richard

In your case to do what you want to do I believe what will work is simply
giving the user/group list folder contents and read general permissions on
the main security page.
Click to expand...

In practice, thats what I'd do. What I've been looking at are the
roles of the individual advanced permissions that are combined in
various ways to produce the 'general permissions'.

Thanks for your help,

regards
Richard
 
S

Steven L Umbach

In your case to do what you want to do I believe what will work is simply
giving the user/group list folder contents and read general permissions on
the main security page. You should then see that user/group listed twice
under special permissions. Once or folder, subfolders, and files and then
for folders and subfolders. Those would be approximately the minimum needed
special permissions for the user/group to list the files and read them. As
the KB article shows the general read permissions consists of a few special
permissions. Users will need read for permissions to see if they have access
to the file. If you have a question about a particular special permission, I
may be able to help. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Permissions Batch File 2
NTFS Permissions - Sub-Folders 4
File Security 1
Security on Folder and Files.. should be easy but MS Security is strange! 2
Allow saves and reads but not edits 8
Folder Share Permissions 2
Default file/folder security permissions for a new user 3
Win 2003 - Share can be read with no NTFS permission? 9

Top