Controlling Access to Your Data
When your disk drive or storage device is formatted using NTFS, you can use NTFS permissions to control access to your data. As mentioned earlier, NTFS permissions can be broken down into five broad categories: basic permissions, special permissions, ownership permissions, inherited permissions, and effective permissions. The sections that follow discuss how to use each type of permission.
Basic Permissions
With NTFS, permissions are stored in the filesystem as part of the access control list (ACL) assigned to a file or a folder. As described in Table below, files and folders have a slightly different set of basic permissions.
When working with permissions, keep in mind that some permissions are inherited based on the permissions of a parent folder. Inherited permissions are applied automatically, and you cannot edit inherited permissions without first overriding them. If you try to access a folder on your local computer and do not have appropriate permissions to do so, Windows will prompt you to provide administrator permissions (by default). Once you enter the administrator permissions, you'll be able to access the local folder as an administrator.
Permission | How it is used | Used With |
---|---|---|
Full Control | Grants full control over the selected file or folder. Permits reading, writing, changing, and deleting files and subfolders. Also permits changing permissions, deleting files in the folder regardless of their permissions, and taking ownership of a folder or a file. Selecting this permission selects all the other permissions as well. | Files and Folders |
Modify | Permits reading, writing, changing, and deleting a file or folder. With folders, permits creating files and subfolders, but does not allow taking ownership of a file or folder. Selecting this permission selects all the permissions below it. | Files and Folders |
Read & Execute | Permits executing files. With folders, permits viewing and listing files and subfolders as well as executing files. If applied to a folder, this permission is inherited by all files and subfolders within the folder. Selecting this permission selects the List Folder Contents and Read permissions as well. | Files and Folders |
List Folder Contents | Permits viewing and listing files and subfolders as well as executing files. Inherited only by subfolders and not by files within the folder or its subfolders. | Folders only |
Read | Permits viewing and listing the contents of a file or folder. Permits viewing file attributes, reading permissions, and synchronizing files. Read is the only permission needed to run scripts. Read access is required to access a shortcut and its target. | Files and Folders |
Write | Permits creating new files in folders and writing data to existing files. Permits viewing file attributes, reading permissions, and synchronizing files. Doesn't prevent deleting a folder or file's contents. | Files and Folders |