Add New Permissions

To add new permissions:

Click Edit in the middle of the Security tab to open the Permissions dialog box. Click Add.
In the Select Users, Computers, Or Groups dialog box, click Advanced, click Find Now, double-click a single user, group, and/or computer to whom you want to grant permission, or hold ctrl while clicking several objects and then click OK. Click OK once more.
If you selected the new group that you created earlier in the Groups section to be added here, you will see that group automatically picked up the same permissions as those for the Users group because the new group you created is automatically a member of that group.
Select one of the new users, groups, or computers that will be given permissions, and then click Allow for the permissions that you want that entity to have, or click Deny to specifically exclude a permission. The tasks that can be performed with each permission are as follows:
- Full Control: The sum of all other permissions, plus delete subfolders, change permissions, and take ownership.
- Modify: The sum of the Read & Execute and the Write permissions, plus the delete folder permission.
- Read & Execute: The same as List Folder Contents, but inherited by both folders and files.
- List Folder Contents: Read permission, plus view the list of subfolders and files in a folder, as well as execute files, and move through folders to reach other files and folders, where the user may not have permission to access the intervening folders (inherited only by folders).
- Read: View the contents of subfolders and files in the folder, as well as view the folder's attributes (Archive, Hidden, Read-Only), ownership, and permissions.
- Write: Make subfolders and files inside the folder, plus view the ownership and permissions for the folder and change its attributes.
- Special Permissions: Detail permissions that are contained in the other six permissions.
After selecting the permissions that you want to use, click OK and then click Advanced. The Advanced Security Settings dialog box opens. Notice that the majority of the permissions are inherited and that the Creator Owner here is shown as having Special permission. This seeming inconsistency is due to the original parent permission being applied to subfolders and files only.
Select a user or group and click Edit twice. The Permission Entry dialog box appears, as shown next. This contains a more detailed level of permissions, called Special Permissions, which are contained within the primary permissions described in Step 3. The Special Permissions that are granted by each primary permission are shown in Table-1.
NOTE: Synchronize isn't a default permission unless the folder is set up for it.
Make any changes that you want to the detail permissions, check the check box at the bottom if you want the permission to be propagated to the subfolders and files of this folder, and click OK four times to close all open dialog boxes.

TIP: Denying everyone the Full Control permission prevents anybody from doing anything with the folder, including administrators. The folder looks like it is permanently locked to everybody, and if you try to delete it, for example, you will be denied access. An administrator, though, can still go in and change the permissions to something more reasonable and then the folder can be deleted.

Table-1. Special Permissions Granted by Primary Permissions for Folders (Primary Permission)

Special Permission	Read	Write	List Folder Contents	Read & Execute	Modify	Full Control
Transverse Folder/Execute File			Yes	Yes	Yes	Yes
List Folder/Read Data	Yes		Yes	Yes	Yes	Yes
Read Attributes	Yes		Yes	Yes	Yes	Yes
Read Extended Attributes	Yes		Yes	Yes	Yes	Yes
Create Files/Write Data		Yes			Yes	Yes
Create Folders/Append Data		Yes			Yes	Yes
Write Attributes		Yes			Yes	Yes
Write Extended Attributes		Yes			Yes	Yes
Delete Subfolders and Files						Yes
Delete Read Permissions	Yes	Yes	Yes	Yes	Yes	Yes
Change Permissions						Yes
Take Ownership						Yes
Synchronize	Yes	Yes	Yes	Yes	Yes	Yes

[Previous] [Contents] [Next]

Add New Permissions

In this tutorial: