Explicit vs. inherited permissions

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Explicit vs. inherited permissions

There are two types of permissions: explicit permissions and inherited permissions.

• Explicit permissions are those that are set by default when the object is created, by user action.

• Inherited permissions are those that are propagated to an object from a parent object. Inherited permissions ease the task of managing permissions and ensure consistency of permissions among all objects within a given container.

By default, objects within a container inherit the permissions from that container when the objects are created. For example, when you create a folder called MyFolder, all subfolders and files created within MyFolder automatically inherit the permissions from that folder. Therefore, MyFolder has explicit permissions, while all subfolders and files within it have inherited permissions.

Notes

• Inherited Deny permissions do not prevent access to an object if the object has an explicit Allow permission entry.

• Explicit permissions take precedence over inherited permissions, even inherited Deny permissions.

For more information on inherited permissions, see How inheritance affects file and folder permissions.