File-Level Security for SharePoint Servers
SharePoint controls access to files stored within its database through user authentication, site groups, and similar SharePoint-specific security mechanisms. In addition to these considerations, care must be taken to secure actual file-level access to SharePoint itself. A secured database is useless if an unauthorized user can simply delete it or copy it off. A full understanding of the file-level security inherent in Windows Server is a must for a complete understanding of SharePoint security itself.