Types of permissions

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Types of permissions

Users and administrators of x86-based networks use the Windows Server 2003 family permissions. Macintosh users set Macintosh-style permissions on the folders they create.

On a computer running a member of the Windows Server 2003 family, new files and subfolders inherit permissions from the folder in which they are created.

Macintosh files inherit the permissions set on folders. Any Windows Server 2003 family permission specified for a file will be recognized by File Server for Macintosh, even though the Macintosh user won't see any indication in the Finder that these permissions exist. There are four types of Macintosh-style permissions:

  • Cannot Move, Rename, Or Delete prohibits these actions on a folder.

  • Make Changes lets a user modify the contents of files in the folder, rename files, move files, create new files, and delete existing files.

  • See Folders lets a user see what folders are contained in the folder.

  • See Files lets a user see what files are in the folder and read those files.

A Macintosh user cannot give these permissions to multiple users and groups. Instead, permissions can be assigned to three categories of user.

  • Owner. The user who created the folder.

  • User/Group. Similar to the Windows Server 2003 family group associated with the folder. Every folder on a server can have one group associated with it at any one time. The group can be a special group such as users or administrators, or it can be any other group on the server.

  • Everyone. All other users of the server, including user accounts with guest access.

The Macintosh security scheme assumes that every folder on a server falls into one of three types: private information (accessible only by the owner of the folder); group information (accessible by a single workgroup); and public information (accessible by everyone).

For example, consider a folder containing information that all members of a certain group should see, but that only one person can change. The person allowed to change the information should be the Owner of the folder and should have See Files, See Folders, and Make Changes permissions. The workgroup that uses the folder should be the Group associated with the folder and should have only See Files and See Folders permissions. Because no one else needs to see the folder's contents, the Everyone category should not be selected.

Although a folder's owner will often be a member of the group associated with the folder, this need not be the case.

With both Macintosh-style and Windows-style permissions, users' access to folders can be defined differently for each folder and subfolder within a tree. For example, you could give a user See Files, See Folders, and Make Changes permissions for one folder, only See Files permission for a subfolder of that folder, and no permissions for another subfolder.