Solved

Privilege precedence

Posted on 2006-11-01
4
272 Views
Last Modified: 2010-04-18
I have a top level directory in which I assign a certain group to have only read privileges. In a sub-directory inside that directory I have a folder where I assign a user to have full privileges to write files to it. That user is a member of the group that has only read privileges. Is there a conflict created in the sub-directory where I assigned the user to have full rights? Which get the precedence? The group privileges  or the user privileges ?
0
Comment
Question by:CodeParadise
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 150 total points
ID: 17853019
privileges are given to a folder, and can be given to all the children explicitely or implicitely.
you have to check if the permissions on the child folder are "inherited" or not, ie if they take the inherited permissions or not.

now, granted privileges will accumulate, so if the users has no permissions itself, but the group he is part of has full control, the user has full control.
if the group has no permissions, but the user was granted full control, he will keep full control

only if at some point there is a deny, that overrides any granted permissions
0
 
LVL 12

Assisted Solution

by:Donnie4572
Donnie4572 earned 150 total points
ID: 17853050
Permissions are accumaltive.

Example:
If I am a member af group1, group2, and group3
Group1 = read
Group2 = modify
Group3 = Full Control

My effective permission is Full Control. No conflict with this design.

Lets suppose that I am a member of Group4 which has been assigned the deny permission.
My effective permission is denied because deny always overides all allow permissions for that resource.
0
 
LVL 4

Author Comment

by:CodeParadise
ID: 18009248
Thanks angelIII  and Donnie4572!
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question