I have seen a lot of people
have problems understanding this topic so I thought I would offer my easy way to remember.
First a few ground rules:
1) No Access means no Access. If an NTFS or Share
Permission has No Access assigned to it than it does not matter what the other permissions
are. YOU HAVE NO ACCESS!!!
2) Permissions are cumulative. That means you add them up...you keep
getting more permissions.
OK now the window below is a SHARE Permission. That means you are
accessing the object remotely or more accurately via the network. You can be signed on to
the machine that has the file on its local Hard Drive but if you access it through the
network, like via Network Neighborhood you are accessing it remotely!
When Share permissions are assigned to a user or group the window keeps
getting bigger till you reach the most permissive permission. You add them up. UNLESS
(remember rule #1 above) there is a No Access assigned.
So no problem so far... until we add the NTFS Permissions into the mix.
Again the same rules apply to these permissions, that is you add them up and that's what
you get..unless..... you got it!! No Access means No Access!!!
Now here it is..... If you are accessing the file locally (not via the
network) forget about the Share Permissions. They don't come into play. Easy so far.
Now when you access it through the window or remotely (you have to pull
it through the window to use it) you can only see as much of the NTFS Permission as the
window will allow! Voila..that's it.
So if you have Full Control on the NTFS permissions locally but the
window is only open as far as Read then you can only read it.
If you have Full Control via the Share (or window) but the NTFS
Permission is Read well then you only have a Read permission available to be pulled
through the window.
That's it!!! E-mail me if you
have any questions or if you think I'm wrong. But try it on some of your test prep
questions and see if doesn't give you the right answer every time!!!