NTFS permissions?

W

William Stokes

Hello,

I read from 2003R2 server help that NTFS permissions are cumulative. So does
this mean that if user has a read access to a file via Domain Users Group
(to which he is a member) and Full Controll because of Creator Owner rights
(which he is) the result is that this user has full controll to the file?

I've been testing this scenario and it happens that the user seems to have
full controll while viewing Effective Access tab in the file properties but
he cannot rename the file. There's no direct rights in the file. All access
controll is inherited from parent folder. What am I missing here?

Thanks
-Will
 
M

Marcin Domaslawski

Hi,

I assume that it's not an file used by system or working app. Have you
checked after restarting explorer ? Sometimes Explorer simply holds files
handles and when you trying delete/move/rename file occurs message Access
denied.

Marcin Domaslawski
 
H

Harry Johnston

William said:
I read from 2003R2 server help that NTFS permissions are cumulative. So does
this mean that if user has a read access to a file via Domain Users Group
(to which he is a member) and Full Controll because of Creator Owner rights
(which he is) the result is that this user has full controll to the file?
Click to expand...

Yes and no. NTFS permissions are cumulative as you describe. However CREATOR
OWNER doesn't count directly towards a user's permissions, it is only used in
inheritance.

So if the permissions on the file say

Domain Users:R
CREATOR OWNER:F

the user will have read access. If the permissions were inherited from a
directory, CREATOR OWNER should have been automatically replaced by the
username, so it would look like

Domain Users:R
username:F

and the user would have full acccess.
I've been testing this scenario and it happens that the user seems to have
full controll while viewing Effective Access tab in the file properties but
he cannot rename the file.
Click to expand...

You should also note that you need write access to the folder as well as the
file in order to rename a file.

Harry.
 
W

William Stokes

Thanks.

It is how you suggested. The creator owner is from directory and the
username of the creator is shown in the files properties/security tab.

It was actually a very funny situation since the user was able to edit and
even delete the file but not rename it :) The problem was solved by adding
creator/owner rights to write to the directory holdin the file.

Will
 
G

Guest

I have found that when you give permission like that, if it affects other
files you will receive a pop up box that says something like: "This will
affect all files. Are you sure you want to do this?" And you can click no and
reverse the whole thing.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Rights and Effective Permissions in XP Pro 2
w3k profiles 1
changing permisions from a client station on a network server share 1
Default file/folder security permissions for a new user 3
USERS group and NTFS permissions 1
Folder Permissions 2
NTFS Permissions allow deletion of file under any account at all times? 4
Deny Access to computer name 1

Top