I'm having strange issues trying to work out some permissions on a fileserver.
Users have a mapped drive to a root folder within which they see their departmental main folder and then within that are a single level of subfolders with distinct permissions requirements.
At the departmental folder level, the users are a member of a group that gives them Read access to "this folder only". They are then members of groups specific to each subfolder in there as required. These are configured as follows:
Each (first-level) subfolder has two permissions entries for the latter type of group. The first is applied to "This Folder Only" and has just read access and the second applied to "Subfolders and Files" has full control.
Despite this, users cannot, for example rename folders within the subfolder. Effective permissions on one such folder shows the user as having full control! The folder is not read-only either.
If I remove the "This Folder Only" entry and change the full control entry to "Folder, Subfolders and files" then all is well.
What am I missing? Thanks!