• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 287
  • Last Modified:

File permissions doesn't seem to work

I'm behind a windows server 2008. I'm trying to change an access file permission that is on network. I gave full control to a specific user for both accdb and accde files. But whenever i try to open this file with the desired user, the file is opened as read-only. What is happening?
0
BrunoLeite
Asked:
BrunoLeite
2 Solutions
 
Kelly_WCommented:
Hello,
Are there any GPOs that the user is part of (or any groups that the user is part of) that is doing an explicit deny?  Denies always override everything else.
Thanks,
Kelly W.
0
 
BrunoLeiteAuthor Commented:
No, there's no deny in any user or group. On effective permissions all items are checked.
0
 
g000seCommented:
Hello,

When you say you grant them file permission, is it at the share or NTFS level?  If it is at the share level then you will need to make a change at the NTFS level.

Share vs. NTFS
Share permissions are the permissions you set for a folder when you share that folder. The share permissions determine the type of access others have to the shared folder across the network. There are three types of share permissions: Full Control, Change, and Read.

NTFS permissions determine the action users can take for a folder or file both across the network and locally. Unlike share permissions, NTFS permissions offer several other permissions besides Full Control, Change, and Read that can be set for groups or individually. The most restrictive permission applies when share and NTFS permissions conflict.

0
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

 
BrunoLeiteAuthor Commented:
I'm right clicking the file, going to Properties and then to tab Security. The root folder is shared as read only for this user, but i made this change and expected it to work.
0
 
g000seCommented:
Go to the next sub-folder that you want to grant access to and go to properties to make the change or you can go to the root folder and click on advance to propagate the permissions to the rest of the child objects (sub-folders, files).
0
 
PberSolutions ArchitectCommented:

As g000se mentioned, it is likely your share permissions that are restricting the NTFS permissions.  
 
There are many theories out there to how best to provision shares/NTFS, but I personally control security with NTFS and limit maximum permissions with share permissions.  I never give out more that MODIFY (or CHANGE) at the share level.  This way if I or someone else grants too much access at the NTFS level, the share access will limit them to MODIFY only and they will never get FULL CONTROL.
A good way to check permissions is to load the Security TAB, then select Advanced and then select the Effective Permissions TAB.  You can select the user and check to see what rights they will have on a give folder or file.
 
0
 
g000seCommented:
Good call Pber on the break down.

Also, before proceeding, create a test folder, test users, and test out the share permissions and the NTFS (Folder/File security). This will help you get a better feel.
0
 
BrunoLeiteAuthor Commented:
That's it. Sharing permissions were restricting my NTFS permissions. Pber solution to the problem is awesome. I gave a change permission on sharing level and set users to read permission on NTFS level. Then i go fine tuning the files i need users to modify. Thanks a lot.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now