Permissions

User rights control what a user can do on a network-wide basis. Permissions enable you to fine-tune your network security by controlling access to specific network resources, such as files or printers, for individual users or groups. For example, you can set up permissions to allow users in the accounting department to access files in the server's \ACCTG directory. Permissions can also enable some users to read certain files but not modify or delete them.

Each network operating system manages permissions in a different way. Whatever the details, the effect is that you can give permission to each user to access certain files, folders, or drives in certain ways.

Any permissions that you specify for a folder apply automatically to any of that folder's subfolders, unless you explicitly specify a different set of permissions for the subfolder.

In NetWare, file system rights are referred to as trustee rights. NetWare has eight different trustee rights, listed in the table below. For every file or directory on a server, you can assign any combination of these eight rights to any individual user or group.

NetWare Trustee Rights

| Trustee Right  | Abbreviation | What the User Can Do                                                       |
|----------------|--------------|----------------------------------------------------------------------------|
| Read           | R            | The user can open and read the file.                                       |
| Write          | W            | The user can open and write to the file.                                   |
| Create         | C            | The user can create new files or directories.                              |
| Modify         | M            | The user can change the name or other properties of the file or directory. |
| File Scan      | F            | The user can list the contents of the directory.                           |
| Erase          | E            | The user can delete the file or directory.                                 |
| Access Control | A            | The user can set the permissions for the file or directory.                |
| Supervisor     | S            | The user has all rights to the file.                                       |

Windows refers to file system rights as permissions. Windows servers have six basic permissions, listed below. As with NetWare trustee rights, you can assign any combination of Windows permissions to a user or group for a given file or folder.

Windows Basic Permissions

| Permission     | Abbreviation | What the User Can Do                              |
|----------------|--------------|---------------------------------------------------|
| Read           | R            | The user can open and read the file.              |
| Write          | W            | The user can open and write to the file.          |
| Execute        | X            | The user can run the file.                        |
| Delete         | D            | The user can delete the file.                     |
| Change         | P            | The user can change the permissions for the file. |
| Take Ownership | O            | The user can take ownership of the file.          |

Note the last permission. In Windows, the concept of file or folder ownership is important. Every file or folder on a Windows server system has an owner. The owner is usually the user who creates the file or folder. However, ownership can be transferred from one user to another. So why the Take Ownership permission? This permission prevents someone from creating a bogus file and giving ownership of it to you without your permission. Windows does not allow you to give ownership of a file to another user. Instead, you can give another user the right to take ownership of the file. That user must then explicitly take ownership of the file.

You can use Windows permissions only for files or folders that are created on drives formatted as NTFS volumes. If you insist on using FAT or FAT32 for your Windows shared drives, you can't protect individual files or folders on the drives. This is one of the main reasons for using NTFS for your Windows servers.
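To see folder permissions, inheritance, ownership, and the NTFS requirement together on a live system, the PowerShell below is an added example and not part of the original tutorial. The ACCTG-demo and Payroll folder names are constructed, and the built-in Users group (well-known SID S-1-5-32-545) stands in for an accounting group.

```powershell
# Added example: constructed folder names; BUILTIN\Users stands in for an accounting group.
$root = Join-Path $env:TEMP 'ACCTG-demo'
$sub  = Join-Path $root 'Payroll'
New-Item -ItemType Directory -Path $sub -Force | Out-Null

# Per-file and per-folder permissions need an NTFS volume, as the text states;
# FAT and FAT32 have nowhere to store an access control list.
$drive = New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($root))
if ($drive.DriveFormat -ne 'NTFS') {
    throw "$($drive.Name) is formatted as $($drive.DriveFormat), not NTFS."
}

# Using the SID instead of the group name keeps this working on localized Windows.
$group = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'

# ContainerInherit + ObjectInherit: the rule flows down to subfolders and files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group,
    [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
    $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# Grant read-only access on the parent folder only.
$acl = Get-Acl -Path $root
$acl.AddAccessRule($rule)
Set-Acl -Path $root -AclObject $acl

# The subfolder was never touched, yet it now carries the same rule,
# reported with IsInherited = True.
$subAcl = Get-Acl -Path $sub
$subAcl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $group.Value } |
    Select-Object FileSystemRights, AccessControlType, IsInherited

# Every file and folder has an owner, normally the account that created it.
"Owner of ${sub}: $($subAcl.Owner)"

# Remove the demo folders.
Remove-Item -Path $root -Recurse -Force
```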
