Solved

Privilege precedence

Posted on 2006-11-01
4
264 Views
Last Modified: 2010-04-18
I have a top level directory in which I assign a certain group to have only read privileges. In a sub-directory inside that directory I have a folder where I assign a user to have full privileges to write files to it. That user is a member of the group that has only read privileges. Is there a conflict created in the sub-directory where I assigned the user to have full rights? Which get the precedence? The group privileges  or the user privileges ?
0
Comment
Question by:CodeParadise
4 Comments
 
LVL 142

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 150 total points
Comment Utility
privileges are given to a folder, and can be given to all the children explicitely or implicitely.
you have to check if the permissions on the child folder are "inherited" or not, ie if they take the inherited permissions or not.

now, granted privileges will accumulate, so if the users has no permissions itself, but the group he is part of has full control, the user has full control.
if the group has no permissions, but the user was granted full control, he will keep full control

only if at some point there is a deny, that overrides any granted permissions
0
 
LVL 12

Assisted Solution

by:Donnie4572
Donnie4572 earned 150 total points
Comment Utility
Permissions are accumaltive.

Example:
If I am a member af group1, group2, and group3
Group1 = read
Group2 = modify
Group3 = Full Control

My effective permission is Full Control. No conflict with this design.

Lets suppose that I am a member of Group4 which has been assigned the deny permission.
My effective permission is denied because deny always overides all allow permissions for that resource.
0
 
LVL 4

Author Comment

by:CodeParadise
Comment Utility
Thanks angelIII  and Donnie4572!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now