Effective Permissions


Effective Permissions is the cumulative permissions a user has for accessing a resource based on his or her individual permissions, group permissions, and group membership.



What are Effective Permissions?

Effective Permissions, in Microsoft Windows family, is the cumulative permissions a user has for accessing a resource based on his or her individual permissions, group permissions, and group membership. The effective permissions a user experiences trying to access a file or folder depend on the various permissions granted to the user expressly or by virtue of their membership in a particular group. When a permissions conflict exists between one group and another, or between the user and a group, rules are applied that resolve the issue.

Effective Permissions (Windows)
Effective Permissions (Windows)




How Effective Permissions work?

In networks based on Windows NT or Windows 2000, calculation of effective permissions can be determined using three simple rules:

First, if a user belongs to two (or more) groups, and these two groups have different NTFS standard file permissions on a given file, the user’s ability to access the file both locally and over the network is determined as follows:

  • The effective NTFS permission is the least restrictive (most permissive) NTFS standard permission. For example,read (NTFS) + change (NTFS) = change (NTFS)
  • The exception to this is that the no-access permission overrides all other permissions. For example,read (NTFS) + no access (NTFS) = no access (NTFS)




Second, if a user belongs to two (or more) groups, and these two groups have different shared folder permissions on a given shared folder, the user’s ability to access the shared folder over the network is determined as follows:

  • The effective shared folder permission is the least restrictive (most permissive) shared folder permission. For example,read (shared folder) + change (shared folder) = change (shared folder)
  • The exception to this is that the no-access permission overrides all other permissions. For example,read (shared folder) + no access (shared folder) = no access (shared folder)




Third, when a user attempts to access a folder or file over a network that has both NTFS permissions (the first example) and shared folder permissions (the second example) configured on it, the effective permission is the most restrictive (least permissive) permission. For example,

read (NTFS) + change (shared folder) = read (combined)

See also:



Editor

Articles posted after being checked by editors.

Recent Content

link to Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure, also known as PKI, is a set of services that support the use of public-key cryptography in a corporate or public setting. A public key infrastructure (PKI) enables key pairs to be generated, securely stored, and securely transmitted to users so that users can send encrypted transmissions and digital signatures over distrusted public networks such as the Internet.
link to Digital Signature

Digital Signature

Digital Signature is an electronic signature that you can use to sign a document being transmitted by electronic means such as e-mail. Digital signatures validate the identity of the sender and ensure that the document they are attached to has not been altered by unauthorized parties during the transmission.